On 06/21/2016 08:08 AM, Peter Krempa wrote:
> On Mon, Jun 13, 2016 at 20:27:53 -0400, John Ferlan wrote:
>> Add a new secret type known as "key" - it will handle adding the secret
>> objects that need a key (or passphrase), such as will soon be the case
>
> This may be misleading a "key" is not equal to a "passprhase" in usual
> encryption terminology. Key usually refers to the actual encryption key
> used to encrypt the data whereas passprhase is usually a human readable
> secret string (which may not be random at all) used to access the key
> later.
>
> The cryptsetup man page tends to treat them interchangably to some
> extent (eg a key slot equals to passprhase, but the master key refers to
> the actual encryption key used for the data).
>
> To avoid confusion I'd rather stick with "passphrase".
>
That was my other choice... 'key' was just shorter and easier to type.
I'll make that adjustment, so it'll be:
<secret ephemeral='no' private='no'>
<uuid>f52a81b2-424e-490c-823d-6bd4235bc572</uuid>
<description>Sample Passphrase Secret</description>
<usage type='passphrase'>
<passphrase>mumblyfratz</passphrase>
</usage>
</secret>
John
>> for a luks volume for both storage driver create and libvirt domain usage.
>>
>> Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
>> ---
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list