On Tue, May 17, 2016 at 12:36:08 -0400, John Ferlan wrote: [...]
+/* qemuDomainGetAESKeyAlias: + * + * Generate and return an initialization vector alias + * + * Returns NULL or a string containing the AES key alias + */ +char * +qemuDomainGetAESKeyAlias(const char *srcalias) +{ + char *alias; + + if (!srcalias) { + virReportError(VIR_ERR_INVALID_ARG, "%s", + _("secret iv alias requires valid source alias")); + return NULL; + } + + ignore_value(virAsprintf(&alias, "%s-aesKey0", srcalias));
So this will be part of the following command line: -object secret,id=virtio-disk0-aesKey0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 The object added represents the secret for a given disk, not the AES key or anything else. The secret is encrypted using the AES key which has alias 'masterKey0'. I'm thinking that something along "virtio-disk0-secret0" might be a better match. Peter