qemu-block
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class fo


From: Paolo Bonzini
Subject: Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling
Date: Mon, 19 Oct 2015 18:28:26 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0


On 19/10/2015 18:24, Daniel P. Berrange wrote:
> The input format, eg the encoding of the data=XXXX value, or the contents
> of the file, and the output format, which is that required by the consumer
> inside QEMU. We convert between the two. eg you can provide data in base64
> even if QEMU ultimately needs to use it in plain utf-8 format, or vica-verca.

Right.  In the end QCryptoSecret only needs to provide a raw output;
converting it to something else, and possibly applying restrictions such
as UTF-8, should depend on the user.  Of course the API can include
helper functions for common restrictions, but in general a "secret
storage" module is independent of them.

> IIUC, you're suggesting that for the input format, the data=XXX value
> should allow a choice of utf8 or base64, while the external file could
> just take raw or base64 data. That's easy enough to wire up - just add
> a 3rd option to the format enum and make raw be the default for files.

Almost.

I am also saying that the utf8 case for data=XXX actually should be raw,
because utf8 is just a limitation of JSON and not of the data=XXX
interface.  Non-UTF8 data=XXX would then be accepted for the -object
command line option.

Paolo



reply via email to

[Prev in Thread] Current Thread [Next in Thread]