Re: [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypte

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypte

From:	Eric Blake
Subject:	Re: [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypted x509 keys
Date:	Tue, 24 Nov 2015 11:33:06 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

On 11/24/2015 08:02 AM, Daniel P. Berrange wrote:
> Make use of the QCryptoSecret object to support loading of
> encrypted x509 keys. The optional 'passwordid' parameter
> to the tls-creds-x509 object type, provides the ID of a
> secret object instance that holds the decryption password
> for the PEM file.
> 
>  # printf "123456" > mypasswd.txt
>  # $QEMU \
>     -object secret,id=sec0,filename=mypasswd.txt \
>     -object tls-creds-x509,passwordid=sec0,id=creds0,\
>             dir=/home/berrange/.pki/qemu,endpoint=server \
>     -vnc :1,tls-creds=creds0
> 
> This requires QEMU to be linked to GNUTLS >= 3.1.11. If
> GNUTLS is too old an error will be reported if an attempt
> is made to pass a decryption password.
> 
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
>  crypto/tlscredsx509.c         | 47 
> +++++++++++++++++++++++++++++++++++++++++++
>  include/crypto/tlscredsx509.h |  1 +
>  qemu-options.hx               |  8 +++++++-
>  3 files changed, 55 insertions(+), 1 deletion(-)

Reviewed-by: Eric Blake <address@hidden>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v2 0/5] Add framework for passing secrets to QEMU, Daniel P. Berrange, 2015/11/24
- [Qemu-devel] [PATCH v2 2/5] qemu-char: convert to use error checked base64 decode, Daniel P. Berrange, 2015/11/24
  - Re: [Qemu-devel] [PATCH v2 2/5] qemu-char: convert to use error checked base64 decode, Eric Blake, 2015/11/24
- [Qemu-devel] [PATCH v2 1/5] util: add base64 decoding function, Daniel P. Berrange, 2015/11/24
  - Re: [Qemu-devel] [PATCH v2 1/5] util: add base64 decoding function, Eric Blake, 2015/11/24
    - Re: [Qemu-devel] [PATCH v2 1/5] util: add base64 decoding function, Daniel P. Berrange, 2015/11/24
- [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypted x509 keys, Daniel P. Berrange, 2015/11/24
  - Re: [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypted x509 keys, Eric Blake <=
- [Qemu-devel] [PATCH v2 3/5] qga: convert to use error checked base64 decode, Daniel P. Berrange, 2015/11/24
  - Re: [Qemu-devel] [PATCH v2 3/5] qga: convert to use error checked base64 decode, Eric Blake, 2015/11/24
- [Qemu-devel] [PATCH v2 4/5] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/11/24
  - Re: [Qemu-devel] [PATCH v2 4/5] crypto: add QCryptoSecret object class for password/key handling, Eric Blake, 2015/11/24
    - Re: [Qemu-devel] [PATCH v2 4/5] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/11/24

Prev by Date: Re: [Qemu-devel] [PATCH v2 09/10] trace: [tcg] Add per-vCPU tracing states for events with the 'vcpu' property
Next by Date: Re: [Qemu-devel] [PATCH COLO-Frame v11 09/39] COLO/migration: Create a new communication path from destination to source
Previous by thread: [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypted x509 keys
Next by thread: [Qemu-devel] [PATCH v2 3/5] qga: convert to use error checked base64 decode
Index(es):
- Date
- Thread