Re: [Qemu-devel] QCOW2 cryptography and secure key handling

[Benoît Canet]

> > Do you (the block maintainers) have an idea on how the code could be 
> > improved
> > to securely pass the crypto key to the QCOW2 code ?
> 
> More generally, QCow2's current encryption support is woefully inadequate
> from a design POV. If we wanted better encryption built-in to QEMU it is
> best to just deprecate the current encryption support and define a new
> qcow2 extension based around something like the LUKS data format. Using
> the LUKS data format precisely would be good from a data portability
> POV, since then you can easily switch your images between LUKS encrypted
> block device & qcow2-with-luks image file, without needing to re-encrypt
> the data.

Thanks I will read the LUKS specification.

Best regards

Benoît