[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Can I mount encrypt qcow2?
|
From: |
陳培泓 |
|
Subject: |
Re: [Qemu-devel] Can I mount encrypt qcow2? |
|
Date: |
Fri, 21 Jul 2017 09:44:33 +0800 |
I re-build qemu from the https://github.com/qemu/qemu, and it didn't show
any errors.
I tried the cmd you suggested below:
> qemu-nbd --object secret,id=sec0,file=passwd.txt,format=raw \
> -c /dev/nbd0 \
> --image-opts driver=qcow2,file.filename=
> demo.qcow2,encrypt.format=luks,encrypt.key-secret=sec0
but it shows unrecognized option '--object '
why?I missed to install something?
2017-07-20 17:12 GMT+08:00 Daniel P. Berrange <address@hidden>:
> On Thu, Jul 20, 2017 at 05:07:49PM +0800, 陳培泓 wrote:
> > oh~ I don't know can expose the LUKS encryption. I'm sure the older(AES)
> > can't be mounted by qemu-nbd.
>
> It can be mounted, with current git master (all the commands I show
> below are for git master btw).
>
> You should, however, *never* use the old AES format any more. It is
> broken by design and not considered secure.
>
> > If I encrypt by the command you recommended:
> >
> > > qemu-nbd --object secret,id=sec0,file=passwd.txt,format=raw \
> > > --image-opts driver=qcow2,file.filename=
> > > demo.qcow2,encrypt.format=luks,encrypt.key-secret=sec0
>
> This *is* exposing the encrypted file - not creating it. If you
> want to connect to a host nbd device then you use the command
> above, with the -c arg
>
> $ qemu-nbd --object secret,id=sec0,file=passwd.txt,format=raw \
> -c /dev/nbd0 \
> --image-opts driver=qcow2,file.filename=
> demo.qcow2,encrypt.format=luks,encrypt.key-secret=sec0
>
>
> If you have a legacy AES qcow2 file the syntax is very similar
>
> $ qemu-nbd --object secret,id=sec0,file=passwd.txt,format=raw \
> -c /dev/nbd0 \
> --image-opts driver=qcow2,file.filename=
> demo.qcow2,encrypt.format=aes,encrypt.key-secret=sec0
>
> Note we just changed the encrypt.format parameter there.
>
>
> To actually create an encrypted file in the first place you need the
> qemu-img command
>
> $ qemu-img create --object secret,id=sec0,file=passwd.txt,format=raw \
> -f qcow2 -o encrypt.format=luks,encrypt.key-secret=sec0 \
> demo.qcow2 1G
>
>
> Regards,
> Daniel
> --
> |: https://berrange.com -o- https://www.flickr.com/photos/
> dberrange :|
> |: https://libvirt.org -o-
> https://fstop138.berrange.com :|
> |: https://entangle-photo.org -o- https://www.instagram.com/
> dberrange :|
>
- [Qemu-devel] Can I mount encrypt qcow2?, 陳培泓, 2017/07/19
- Re: [Qemu-devel] Can I mount encrypt qcow2?, Daniel P. Berrange, 2017/07/20
- Re: [Qemu-devel] Can I mount encrypt qcow2?, 陳培泓, 2017/07/20
- Re: [Qemu-devel] Can I mount encrypt qcow2?, Daniel P. Berrange, 2017/07/20
- Re: [Qemu-devel] Can I mount encrypt qcow2?,
陳培泓 <=
- Re: [Qemu-devel] Can I mount encrypt qcow2?, Daniel P. Berrange, 2017/07/21
- Re: [Qemu-devel] Can I mount encrypt qcow2?, 陳培泓, 2017/07/21
- Re: [Qemu-devel] Can I mount encrypt qcow2?, Daniel P. Berrange, 2017/07/21
- Re: [Qemu-devel] Can I mount encrypt qcow2?, 陳培泓, 2017/07/21
- Re: [Qemu-devel] Can I mount encrypt qcow2?, Eric Blake, 2017/07/21
- Re: [Qemu-devel] Can I mount encrypt qcow2?, Eric Blake, 2017/07/21
- Re: [Qemu-devel] Can I mount encrypt qcow2?, Daniel P. Berrange, 2017/07/21
- Re: [Qemu-devel] Can I mount encrypt qcow2?, Eric Blake, 2017/07/21
- Re: [Qemu-devel] Can I mount encrypt qcow2?, 陳培泓, 2017/07/23
- Re: [Qemu-devel] Can I mount encrypt qcow2?, Eric Blake, 2017/07/24