[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypte
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypted x509 keys |
Date: |
Tue, 24 Nov 2015 11:33:06 -0700 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
On 11/24/2015 08:02 AM, Daniel P. Berrange wrote:
> Make use of the QCryptoSecret object to support loading of
> encrypted x509 keys. The optional 'passwordid' parameter
> to the tls-creds-x509 object type, provides the ID of a
> secret object instance that holds the decryption password
> for the PEM file.
>
> # printf "123456" > mypasswd.txt
> # $QEMU \
> -object secret,id=sec0,filename=mypasswd.txt \
> -object tls-creds-x509,passwordid=sec0,id=creds0,\
> dir=/home/berrange/.pki/qemu,endpoint=server \
> -vnc :1,tls-creds=creds0
>
> This requires QEMU to be linked to GNUTLS >= 3.1.11. If
> GNUTLS is too old an error will be reported if an attempt
> is made to pass a decryption password.
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> crypto/tlscredsx509.c | 47
> +++++++++++++++++++++++++++++++++++++++++++
> include/crypto/tlscredsx509.h | 1 +
> qemu-options.hx | 8 +++++++-
> 3 files changed, 55 insertions(+), 1 deletion(-)
Reviewed-by: Eric Blake <address@hidden>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
- [Qemu-devel] [PATCH v2 0/5] Add framework for passing secrets to QEMU, Daniel P. Berrange, 2015/11/24
- [Qemu-devel] [PATCH v2 2/5] qemu-char: convert to use error checked base64 decode, Daniel P. Berrange, 2015/11/24
- [Qemu-devel] [PATCH v2 1/5] util: add base64 decoding function, Daniel P. Berrange, 2015/11/24
- [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypted x509 keys, Daniel P. Berrange, 2015/11/24
- Re: [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypted x509 keys,
Eric Blake <=
- [Qemu-devel] [PATCH v2 3/5] qga: convert to use error checked base64 decode, Daniel P. Berrange, 2015/11/24
- [Qemu-devel] [PATCH v2 4/5] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/11/24