On Tue, May 17, 2016 at 12:36:08 -0400, John Ferlan wrote:
[...]
+/* qemuDomainGetAESKeyAlias:
+ *
+ * Generate and return an initialization vector alias
+ *
+ * Returns NULL or a string containing the AES key alias
+ */
+char *
+qemuDomainGetAESKeyAlias(const char *srcalias)
+{
+ char *alias;
+
+ if (!srcalias) {
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("secret iv alias requires valid source alias"));
+ return NULL;
+ }
+
+ ignore_value(virAsprintf(&alias, "%s-aesKey0", srcalias));
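
Review bot: The doc comment and the error string in qemuDomainGetAESKeyAlias() do not match what the function produces. The comment says "Generate and return an initialization vector alias" and the error reads "secret iv alias requires valid source alias", while the format string builds a "%s-aesKey0" alias. Both should be reworded to match the name that is finally chosen. In addition, `char *alias;` is declared without an initializer and the virAsprintf() result is wrapped in ignore_value(), so on allocation failure the value used afterwards depends entirely on virAsprintf() having set the pointer. Declaring `char *alias = NULL;` would make the documented "Returns NULL" behaviour visible in this function itself.
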
So this will be part of the following command line:

  -object secret,id=virtio-disk0-aesKey0,\
  data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
  keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64

The object added represents the secret for a given disk, not the AES
key or anything else. The secret is encrypted using the AES key which
has alias 'masterKey0'.

I'm thinking that something along the lines of "virtio-disk0-secret0" might be a
better match.

Peter