[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class fo
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling |
Date: |
Mon, 19 Oct 2015 18:28:26 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
On 19/10/2015 18:24, Daniel P. Berrange wrote:
> The input format, eg the encoding of the data=XXXX value, or the contents
> of the file, and the output format, which is that required by the consumer
> inside QEMU. We convert between the two. eg you can provide data in base64
> even if QEMU ultimately needs to use it in plain utf-8 format, or vica-verca.
Right. In the end QCryptoSecret only needs to provide a raw output;
converting it to something else, and possibly applying restrictions such
as UTF-8, should depend on the user. Of course the API can include
helper functions for common restrictions, but in general a "secret
storage" module is independent of them.
> IIUC, you're suggesting that for the input format, the data=XXX value
> should allow a choice of utf8 or base64, while the external file could
> just take raw or base64 data. That's easy enough to wire up - just add
> a 3rd option to the format enum and make raw be the default for files.
Almost.
I am also saying that the utf8 case for data=XXX actually should be raw,
because utf8 is just a limitation of JSON and not of the data=XXX
interface. Non-UTF8 data=XXX would then be accepted for the -object
command line option.
Paolo
- [Qemu-block] [PATCH 00/17] Framework for securely passing secrets to QEMU, Daniel P. Berrange, 2015/10/19
- [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
- Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Paolo Bonzini, 2015/10/19
- Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
- Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Paolo Bonzini, 2015/10/19
- Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
- Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Paolo Bonzini, 2015/10/19
- Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
- Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling,
Paolo Bonzini <=
- Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/10/19
[Qemu-block] [PATCH 03/17] rbd: add support for getting password from QCryptoSecret object, Daniel P. Berrange, 2015/10/19
[Qemu-block] [PATCH 05/17] iscsi: add support for getting CHAP password via QCryptoSecret API, Daniel P. Berrange, 2015/10/19
[Qemu-block] [PATCH 02/17] crypto: add support for loading encrypted x509 keys, Daniel P. Berrange, 2015/10/19
[Qemu-block] [PATCH 04/17] curl: add support for HTTP authentication parameters, Daniel P. Berrange, 2015/10/19
[Qemu-block] [PATCH 07/17] qcow2: add a 'keyid' parameter to qcow2 options, Daniel P. Berrange, 2015/10/19