
Re: [Qemu-devel] QCOW2 cryptography and secure key handling


From: Daniel P. Berrange
Subject: Re: [Qemu-devel] QCOW2 cryptography and secure key handling
Date: Tue, 23 Jul 2013 16:40:03 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

On Tue, Jul 23, 2013 at 05:22:47PM +0200, Stefan Hajnoczi wrote:
> On Tue, Jul 23, 2013 at 04:40:34PM +0200, Benoît Canet wrote:
> > > More generally, QCow2's current encryption support is woefully inadequate
> > > from a design POV. If we wanted better encryption built-in to QEMU it is
> > > best to just deprecate the current encryption support and define a new
> > > qcow2 extension based around something like the LUKS data format. Using
> > > the LUKS data format precisely would be good from a data portability
> > > POV, since then you can easily switch your images between LUKS encrypted
> > > block device & qcow2-with-luks image file, without needing to re-encrypt
> > > the data.
> > 
> > I read the LUKS specification and understood enough of it to understand
> > the potential benefits (stronger encryption key, multiple user keys,
> > possibility to change user keys).
> > 
> > Kevin & Stefan: What do you think about implementing LUKS in QCOW2 ?
> 
> Using standard or proven approaches in crypto is a good thing.  I haven't
> looked at qcow2 encryption in the past because fairly few people
> actually use it.
> 
> One use-case I have heard about is qcow2 files over NFS.  The network
> and the storage system should not see guest data.  Only the host and the
> VM should see the data.

Yep, that is the core use case. You are securing the system such that
only the VM host administrator/processes can compromise the data. It
is protected against malicious storage and/or network administrators.

> A big win with LUKS is that you can change the passphrase without
> re-encrypting the data.

Other benefits of LUKS are

 - Strong encryption key, even if the passphrase itself is weak
 - Support for multiple passphrases
 - Support for arbitrary different encryption algorithms / settings
 - Ability to detect whether the passphrase is correct or not rather
   than just decrypting to produce garbage

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
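The four properties listed in Daniel's reply (a strong master key even with a weak passphrase, several passphrases, passphrase change without touching the data, and reliable detection of a wrong passphrase) all follow from the LUKS key-slot layout. The following is an added illustration of that layout, written for this page; it is not QEMU or cryptsetup code and does not reproduce the on-disk format. Assumptions: PBKDF2-SHA256 with a fixed 20,000 iterations stands in for the benchmarked iteration count, each key slot wraps the master key by XOR with a PBKDF2-derived key of the same length (a deliberate simplification of the cipher-plus-anti-forensic-splitter wrapping real LUKS uses), the master-key digest is PBKDF2 over the master key as in LUKS1, and `crypt_sector` is a keyed-stream stand-in for aes-xts so the example can show that sectors encrypted before a passphrase change still decrypt afterwards.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MK_LEN = 32          # 256-bit master key
ITERATIONS = 20_000  # assumed PBKDF2 iteration count (cryptsetup benchmarks this)


@dataclass
class KeySlot:
    salt: bytes
    iterations: int
    wrapped_mk: bytes   # master key XORed with this slot's PBKDF2-derived key (simplified wrap)


@dataclass
class Header:
    cipher: str            # e.g. "aes-xts-plain64": algorithm is stored, not hard-wired
    mk_digest_salt: bytes
    mk_digest: bytes       # PBKDF2(master key, salt), as LUKS1 does; verifies a candidate key
    slots: List[KeySlot] = field(default_factory=list)


def kdf(secret: bytes, salt: bytes, iterations: int, length: int = MK_LEN) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=length)


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def format_header(passphrase: bytes, cipher: str = "aes-xts-plain64") -> Tuple[Header, bytes]:
    """Create a header with a fresh random master key and one slot for `passphrase`."""
    mk = os.urandom(MK_LEN)  # data key is random: its strength does not depend on the passphrase
    digest_salt = os.urandom(16)
    hdr = Header(cipher, digest_salt, kdf(mk, digest_salt, ITERATIONS))
    add_passphrase(hdr, mk, passphrase)
    return hdr, mk


def add_passphrase(hdr: Header, mk: bytes, passphrase: bytes) -> int:
    """Wrap the master key under an additional passphrase. The data is not touched."""
    salt = os.urandom(16)  # fresh salt per slot, so every wrapping key is used exactly once
    kek = kdf(passphrase, salt, ITERATIONS)
    hdr.slots.append(KeySlot(salt, ITERATIONS, xor(mk, kek)))
    return len(hdr.slots) - 1


def find_slot(hdr: Header, passphrase: bytes) -> Optional[int]:
    """Index of the slot this passphrase opens, or None. The digest check is what makes a
    wrong passphrase fail cleanly instead of yielding a garbage key."""
    for i, slot in enumerate(hdr.slots):
        candidate = xor(slot.wrapped_mk, kdf(passphrase, slot.salt, slot.iterations))
        if hmac.compare_digest(kdf(candidate, hdr.mk_digest_salt, ITERATIONS), hdr.mk_digest):
            return i
    return None


def open_header(hdr: Header, passphrase: bytes) -> Optional[bytes]:
    """Recover the master key, or None if no slot accepts the passphrase."""
    i = find_slot(hdr, passphrase)
    if i is None:
        return None
    slot = hdr.slots[i]
    return xor(slot.wrapped_mk, kdf(passphrase, slot.salt, slot.iterations))


def change_passphrase(hdr: Header, old: bytes, new: bytes) -> None:
    """Swap one passphrase for another: only the slot is rewritten, never the data."""
    i = find_slot(hdr, old)
    if i is None:
        raise ValueError("wrong passphrase")
    mk = open_header(hdr, old)
    del hdr.slots[i]
    add_passphrase(hdr, mk, new)


def crypt_sector(mk: bytes, sector_no: int, data: bytes) -> bytes:
    """Symmetric stand-in for the data cipher (assumption, not aes-xts): XOR with a
    per-sector keyed stream derived from the master key. Same call decrypts."""
    stream = kdf(mk, sector_no.to_bytes(8, "little"), 1, len(data))
    return xor(data, stream)


if __name__ == "__main__":
    hdr, mk = format_header(b"weak")                 # constructed sample passphrase
    sector = crypt_sector(mk, 7, b"guest disk sector")  # constructed sample guest data
    add_passphrase(hdr, mk, b"second-admin")
    change_passphrase(hdr, b"weak", b"much better passphrase")
    print(open_header(hdr, b"weak") is None,
          crypt_sector(open_header(hdr, b"much better passphrase"), 7, sector))
```

The point to take from the block is structural: the passphrase only ever protects the slot, the master key protects the data, and the stored digest lets the opener distinguish "wrong passphrase" from "right passphrase" before any sector is decrypted. This is exactly what the current qcow2 scheme lacks, since it derives the data key directly from the passphrase and has no way to tell a wrong one from a right one.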


