Re: [Qemu-devel] Can I mount encrypt qcow2?
From: 陳培泓
Subject: Re: [Qemu-devel] Can I mount encrypt qcow2?
Date: Thu, 20 Jul 2017 17:07:49 +0800
Oh, I didn't know it could expose the LUKS encryption. I'm sure the older one (AES)
can't be mounted by qemu-nbd.
If I encrypt by the command you recommended:
> qemu-nbd --object secret,id=sec0,file=passwd.txt,format=raw \
> --image-opts driver=qcow2,file.filename=demo.qcow2,encrypt.format=luks,encrypt.key-secret=sec0
Suppose the encrypted file is called disk_encry.qcow2.
Can I mount disk_encry.qcow2 with this command?
> qemu-nbd -c /dev/nbd0 disk_encry.qcow2
2017-07-20 16:59 GMT+08:00 Daniel P. Berrange <address@hidden>:
> On Thu, Jul 20, 2017 at 10:43:53AM +0800, 陳培泓 wrote:
> > Can I mount encrypt qcow2 file through qemu-nbd?
>
> What encryption format are you referring to ? The old AES encrypt, or the
> new LUKS encrypt ? The latter is the only one people should be using, and
> you can expose it with
>
> qemu-nbd --object secret,id=sec0,file=passwd.txt,format=raw \
> --image-opts driver=qcow2,file.filename=demo.qcow2,encrypt.format=luks,encrypt.key-secret=sec0
>
> Note that 'passwd.txt' file must *not* contain a newline. eg create it
> with 'echo -n 123456 > passwd.txt' - the -n flag to omit the newline
>
> You should only do decrypt in qemu-nbd, if you are trying to interoperate
> with non-QEMU tools. If you are exposing the NBD volume to a QEMU system
> emulator, you should make the NBD server expose the file as raw, and let
> the QEMU client do the decryption instead, so data over the NBD socket
> is still secure.
>
> Regards,
> Daniel
> --
> |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org -o- https://fstop138.berrange.com :|
> |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
>
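
Added example, not part of the original messages or of QEMU: a shell check for the secret-file caveat quoted above (passwd.txt must not contain a newline), run before building the qemu-nbd command from the thread. The helper names `write_secret`, `secret_ok` and `nbd_decrypt_cmd` are hypothetical, and the refusal of paths containing a comma is an assumption added here because commas separate the option fields.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not QEMU tooling.

# write_secret FILE PASSPHRASE
# Store the passphrase without a trailing newline, readable by the owner only.
write_secret() {
    ( umask 077 && printf '%s' "$2" > "$1" )
}

# secret_ok FILE
# Succeed only if FILE is non-empty and does not end in LF or CR, since the
# thread warns that the secret file must not contain a newline.
secret_ok() {
    [ -s "$1" ] || { echo "$1: missing or empty" >&2; return 1; }
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    case "$last" in
        0a|0d) echo "$1: ends in a newline (byte 0x$last)" >&2; return 1 ;;
    esac
    return 0
}

# nbd_decrypt_cmd SECRET_FILE IMAGE
# Print the qemu-nbd invocation quoted in the thread, but only after the
# secret file passes secret_ok. Paths containing a comma are refused because
# commas separate the fields of --object and --image-opts.
nbd_decrypt_cmd() {
    secret_ok "$1" || return 1
    case "$1$2" in
        *,*) echo "comma in path: not handled by this example" >&2; return 1 ;;
    esac
    printf '%s\n' "qemu-nbd --object secret,id=sec0,file=$1,format=raw --image-opts driver=qcow2,file.filename=$2,encrypt.format=luks,encrypt.key-secret=sec0"
}

# Constructed demonstration in a scratch directory (passphrase from the thread).
demo_dir=$(mktemp -d)
echo 123456 > "$demo_dir/bad.txt"            # plain echo appends a newline
write_secret "$demo_dir/passwd.txt" 123456   # same result as 'echo -n 123456'
secret_ok "$demo_dir/bad.txt" || echo "bad.txt rejected"
nbd_decrypt_cmd "$demo_dir/passwd.txt" demo.qcow2
rm -rf "$demo_dir"
```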