[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class fo
|
From: |
Daniel P. Berrange |
|
Subject: |
Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling |
|
Date: |
Mon, 19 Oct 2015 16:24:08 +0100 |
|
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Mon, Oct 19, 2015 at 05:18:56PM +0200, Paolo Bonzini wrote:
>
>
> On 19/10/2015 17:09, Daniel P. Berrange wrote:
> > +
> > + switch (secret->format) {
> > + case QCRYPTO_SECRET_FORMAT_UTF8:
> > + if (!g_utf8_validate(input, strlen(input), NULL)) {
> > + error_setg(errp,
> > + "Data from secret %s is not valid UTF-8",
> > + secretid);
> > + goto cleanup;
> > + }
> > + output = input;
> > + input = NULL;
> > + break;
>
> Why validate secrets as UTF-8? In other words why have "utf8" instead
> of "binary" as a possible QCryptoSecretFormat?
JSON doesn't accept arbitrary 8-bit binary data, so the alternative
'base64' is effectively providing binary data facility. Having to
use base64 for plain passwords is rather tedious though, so allowing
utf8 is a much more developer friendly approach for people using QEMU
without a mgmt tool like libvirt.
NB, this dual-format utf8-or-base64 approach matches the approach used
in QEMU guest agent for the guest-file-read/write commands for the same
reason.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
- [Qemu-devel] [PATCH 00/17] Framework for securely passing secrets to QEMU, Daniel P. Berrange, 2015/10/19
- [Qemu-devel] [PATCH 03/17] rbd: add support for getting password from QCryptoSecret object, Daniel P. Berrange, 2015/10/19
- [Qemu-devel] [PATCH 02/17] crypto: add support for loading encrypted x509 keys, Daniel P. Berrange, 2015/10/19
- [Qemu-devel] [PATCH 04/17] curl: add support for HTTP authentication parameters, Daniel P. Berrange, 2015/10/19
- [Qemu-devel] [PATCH 05/17] iscsi: add support for getting CHAP password via QCryptoSecret API, Daniel P. Berrange, 2015/10/19
- [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Paolo Bonzini, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling,
Daniel P. Berrange <=
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Paolo Bonzini, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Paolo Bonzini, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Paolo Bonzini, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
[Qemu-devel] [PATCH 07/17] qcow2: add a 'keyid' parameter to qcow2 options, Daniel P. Berrange, 2015/10/19
[Qemu-devel] [PATCH 06/17] qcow: add a 'keyid' parameter to qcow options, Daniel P. Berrange, 2015/10/19