[libvirt] [PATCH 14/19] conf: Add new secret type "key"

John Ferlan jferlan at redhat.com
Tue Jun 21 15:33:15 UTC 2016 


On 06/21/2016 08:08 AM, Peter Krempa wrote:
> On Mon, Jun 13, 2016 at 20:27:53 -0400, John Ferlan wrote:
>> Add a new secret type known as "key" - it will handle adding the secret
>> objects that need a key (or passphrase), such as will soon be the case
> 
> This may be misleading a "key" is not equal to a "passprhase" in usual
> encryption terminology. Key usually refers to the actual encryption key
> used to encrypt the data whereas passprhase is usually a human readable
> secret string (which may not be random at all) used to access the key
> later.
> 
> The cryptsetup man page tends to treat them interchangably to some
> extent (eg a key slot equals to passprhase, but the master key refers to
> the actual encryption key used for the data).
> 
> To avoid confusion I'd rather stick with "passphrase".
> 
>> for a luks volume for both storage driver create and libvirt domain usage.
>>
>> Signed-off-by: John Ferlan <jferlan at redhat.com>
>> ---

While replying to review comments from 6/19, I realized another reason I
went with "key" over "passphrase".

Consider the existing/old qcow encryption format
(http://libvirt.org/formatsecret.html)

The <secret> XML looks like:

  <secret ephemeral='no' private='yes'>
    <description>Super secret name of my first puppy</description>
    <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid>
    <usage type='volume'>
      <volume>/var/lib/libvirt/images/puppyname.img</volume>
    </usage>
  </secret>

while the <domain> XML has:

  <encryption format='qcow'>
   <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
      </encryption>

or once patch 11 hits:

  <encryption format='qcow'>
    <secret type='passphrase'
usage='/var/lib/libvirt/images/puppyname.img'/>
  </encryption>

where 'usage' matches 'volume'

Using something other than passphrase allowed me to distinguish between
that 'old' format and this new style...

Using "passphrase" will then have <domain> format of:

  <encryption format='luks'>
    <secret type='passphrase' {uuid|usage}='...'>/

And a <secret> format of

  <secret ephemeral='no' private='yes'>
    <description>Sample</description>
    <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid>
    <usage type='passphrase'>
      <passphrase>somestring</passphrase>
    </usage>
  </secret>

where "somestring" is just a 'usage' string and not the actual
passphrase which would be set by the 'secret-set-value' command.

I could have the <secret> XML use something different than passphrase,
but key just seemed to be the most reasonable beyond passphrase. Unless
you have a different suggestion for a better name.

John

Hopefully this was clear...

More information about the libvir-list mailing list