
Re: [PATCH 02/13] qcrypto-luks: implement encryption key management

From: Kevin Wolf
Subject: Re: [PATCH 02/13] qcrypto-luks: implement encryption key management
Date: Thu, 6 Feb 2020 15:25:58 +0100
User-agent: Mutt/1.12.1 (2019-06-15)

On 06.02.2020 at 14:36, Daniel P. Berrangé wrote:
> On Thu, Feb 06, 2020 at 02:20:11PM +0100, Markus Armbruster wrote:
> > One more question regarding the array in
> > 
> >     { 'struct': 'QCryptoBlockAmendOptionsLUKS',
> >       'data' : {
> >                 'keys': ['LUKSKeyslotUpdate'],
> >                  '*unlock-secret' : 'str' } }
> > 
> > Why an array?  Do we really need multiple keyslot updates in one amend
> > operation?
> I think it is unlikely we'd use this in libvirt. In the case of wanting
> to *change* a key, it is safer to do a sequence of "add key" and then
> "remove key". If you combine them into the same operation, and you get
> an error back, it is hard to know /where/ it failed. Was the new key
> added or not?

I think the array came in because of the "describe the new state"
approach. The state has eight keyslots, so in order to fully describe
the new state, you would have to be able to pass multiple slots at once.

