On 06/21/2016 08:08 AM, Peter Krempa wrote:
On Mon, Jun 13, 2016 at 20:27:53 -0400, John Ferlan wrote:
> Add a new secret type known as "key" - it will handle adding the secret
> objects that need a key (or passphrase), such as will soon be the case
This may be misleading: a "key" is not equal to a "passphrase" in usual
encryption terminology. Key usually refers to the actual encryption key
used to encrypt the data whereas passphrase is usually a human readable
secret string (which may not be random at all) used to access the key
later.
The cryptsetup man page tends to treat them interchangeably to some
extent (e.g. a key slot equals a passphrase, but the master key refers to
the actual encryption key used for the data).
To avoid confusion I'd rather stick with "passphrase".
That was my other choice... 'key' was just shorter and easier to type.
I'll make that adjustment, so it'll be:
<secret ephemeral='no' private='no'>
  <uuid>f52a81b2-424e-490c-823d-6bd4235bc572</uuid>
  <description>Sample Passphrase Secret</description>
  <usage type='passphrase'>
    <passphrase>mumblyfratz</passphrase>
  </usage>
</secret>
John
> for a luks volume for both storage driver create and libvirt
> domain usage.
>
> Signed-off-by: John Ferlan <jferlan(a)redhat.com>
> ---