Re: [PATCH v4 2/3] qemu: Introduce new Secret AES API's

On Tue, May 17, 2016 at 12:36:08 -0400, John Ferlan wrote:

[...]

> +/* qemuDomainGetAESKeyAlias:
> + *
> + * Generate and return an initialization vector alias
> + *
> + * Returns NULL or a string containing the AES key alias
> + */
> +char *
> +qemuDomainGetAESKeyAlias(const char *srcalias)
> +{
> +    char *alias;
> +
> +    if (!srcalias) {
> +        virReportError(VIR_ERR_INVALID_ARG, "%s",
> +                       _("secret iv alias requires valid source alias"));
> +        return NULL;
> +    }
> +
> +    ignore_value(virAsprintf(&alias, "%s-aesKey0", srcalias));
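Review bot: the header comment and the error string in qemuDomainGetAESKeyAlias both describe an IV alias ("Generate and return an initialization vector alias", "secret iv alias requires valid source alias"), while the function name and the "Returns" line describe an AES key alias. Reword both so they match the name the function finally gets. Because the virAsprintf result is wrapped in ignore_value, the "Returns NULL or a string" line should also say which failures yield NULL (missing srcalias and a failed allocation), so that callers know NULL always means an error.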

So this will be part of the following command line:

-object secret,id=virtio-disk0-aesKey0,\
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 

The object added represents the secret for a given disk, not the AES
key or anything else. The secret is encrypted using the AES key which
has alias 'masterKey0'.

I'm thinking that something along "virtio-disk0-secret0" might be a
better match.

Peter
