[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class fo
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling |
Date: |
Mon, 19 Oct 2015 16:46:27 +0100 |
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Mon, Oct 19, 2015 at 05:40:08PM +0200, Paolo Bonzini wrote:
>
>
> On 19/10/2015 17:24, Daniel P. Berrange wrote:
> > JSON doesn't accept arbitrary 8-bit binary data, so the alternative
> > 'base64' is effectively providing binary data facility. Having to
> > use base64 for plain passwords is rather tedious though, so allowing
> > utf8 is a much more developer friendly approach for people using QEMU
> > without a mgmt tool like libvirt.
> >
> > NB, this dual-format utf8-or-base64 approach matches the approach used
> > in QEMU guest agent for the guest-file-read/write commands for the same
> > reason.
>
> The difference is that guest-file-read/write have the payload in JSON;
> for file-based secrets the payload is not JSON.
For non-file based secrets though, the payload *is* in the JSON,
and per the cover letter, I actually anticipate passing all
secrets inline in the JSON and only using the file backend for
loading the initial master key. This avoids the need to do
file handle passing and/or create lots of temporary files, when
hotplugging resources.
> So I think that "binary" (which is the default anyway) would fit all the
> usecases (direct over JSON, file-based, direct over command line).
> Direct over JSON would be limited to valid UTF-8, but that's just a
> limitation of the transport.
I don't think that's actually an acceptable limitation - I want the
inline data passing to be fully usable for non-UTF-8 data too.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
- [Qemu-devel] [PATCH 03/17] rbd: add support for getting password from QCryptoSecret object, (continued)
- [Qemu-devel] [PATCH 03/17] rbd: add support for getting password from QCryptoSecret object, Daniel P. Berrange, 2015/10/19
- [Qemu-devel] [PATCH 02/17] crypto: add support for loading encrypted x509 keys, Daniel P. Berrange, 2015/10/19
- [Qemu-devel] [PATCH 04/17] curl: add support for HTTP authentication parameters, Daniel P. Berrange, 2015/10/19
- [Qemu-devel] [PATCH 05/17] iscsi: add support for getting CHAP password via QCryptoSecret API, Daniel P. Berrange, 2015/10/19
- [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Paolo Bonzini, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Paolo Bonzini, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling,
Daniel P. Berrange <=
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Paolo Bonzini, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Paolo Bonzini, 2015/10/19
- Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
[Qemu-devel] [PATCH 07/17] qcow2: add a 'keyid' parameter to qcow2 options, Daniel P. Berrange, 2015/10/19
[Qemu-devel] [PATCH 06/17] qcow: add a 'keyid' parameter to qcow options, Daniel P. Berrange, 2015/10/19
[Qemu-devel] [PATCH 10/17] qemu-nbd: add support for --object command line arg, Daniel P. Berrange, 2015/10/19