From: Paolo Bonzini
Date: Thu, 12 Mar 2015 17:58:23 +0100
To: "Daniel P. Berrange", Markus Armbruster
Cc: kwolf@redhat.com, stefanha@redhat.com, qemu-devel@nongnu.org, qemu-block@nongnu.org, kraxel@redhat.com
Subject: Re: [Qemu-devel] [PATCH RFC 0/2] Limit support for encrypted images to qemu-img
Message-ID: <5501C5AF.8030202@redhat.com>
In-Reply-To: <20150310181337.GG14255@redhat.com>

On 10/03/2015 19:13, Daniel P. Berrange wrote:
> FWIW, I could see an improved interaction scheme working as follows
>
> First, introduce a new monitor command for setting named passwords,
>
>    add_key mykey1 SECRETDATA

Or reuse object_add:

   object_add secret,id=mykey1,secret=SECRETDATA

> Now, extend the blockdev_add so that you can provide key names
> by adding
>
>    'keyname': 'mykey1'
>
> as a parameter in the json args.

You can also add a command line option:

   -secret id=mykey1,secret=SECRETDATA

or possibly:

   -object secret,id=mykey1,secret=SECRETDATA

> For cold plug, have a command line arg '--add-keys prompt' to
> indicate the user should be prompted on TTY to enter keys,

This can even be the default if you have a human monitor open.
(Downside: the default human monitor, accessible with Ctrl-Alt-2, is
not easily discovered; same for Ctrl-A c for -nographic).

> For managed usage we could allow
> '--add-keys fd=FDNUM' and just read keys from the file descriptor.

For managed usage, options can also be passed via -readconfig like

   [object "mykey1"]
     type=secret
     secret=SECRETDATA

Paolo
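The two managed-usage paths discussed in the thread differ in where the key material is observable: a `-secret`/`-object` command line option is visible to every local user via the process list, whereas the `--add-keys fd=FDNUM` scheme keeps it off argv, the environment and the disk. The following is an added illustration, not code from this thread or from QEMU: a management-side launcher hands a secret to a child over an inherited pipe using the proposed `fd=` syntax, and a contrasting helper builds the proposed command-line form so the exposure can be checked. It assumes POSIX (`os.pipe`, `pass_fds`), and the child is a stand-in Python one-liner rather than QEMU.

```python
import os
import subprocess
import sys

# Stand-in child (not QEMU): finds the "fd=N" argument, reads the key
# material from that inherited descriptor until EOF, and echoes it on stdout.
CHILD_PROGRAM = r"""
import os, sys
arg = next(a for a in sys.argv[1:] if a.startswith('fd='))
fd = int(arg.split('=', 1)[1])
chunks = []
while True:
    chunk = os.read(fd, 4096)
    if not chunk:
        break
    chunks.append(chunk)
os.close(fd)
sys.stdout.write(b''.join(chunks).decode())
"""


def launch_with_fd_secret(secret: str) -> dict:
    """Start a child with the secret on a pipe (the thread's fd=FDNUM scheme).

    Returns what the child received, whether the secret appeared in argv,
    and the child's exit status.
    """
    rfd, wfd = os.pipe()
    argv = [sys.executable, "-c", CHILD_PROGRAM, "--add-keys", f"fd={rfd}"]
    # pass_fds leaves only the pipe's read end open in the child; all other
    # inherited descriptors are closed (close_fds defaults to True on POSIX).
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, pass_fds=(rfd,))
    os.close(rfd)                       # parent no longer needs the read end
    os.write(wfd, secret.encode())      # hand over the key material
    os.close(wfd)                       # EOF terminates the child's read loop
    out, _ = proc.communicate()
    return {"received": out.decode(),
            "secret_in_argv": any(secret in a for a in argv),
            "returncode": proc.returncode}


def cmdline_variant(secret: str) -> list:
    """The thread's proposed '-object secret,...' command line (constructed)."""
    return ["qemu-system-x86_64", "-object", f"secret,id=mykey1,secret={secret}"]


def secret_in_argv(argv: list, secret: str) -> bool:
    """True if the key material would be readable from the process list."""
    return any(secret in a for a in argv)


if __name__ == "__main__":
    print(launch_with_fd_secret("SECRETDATA"))
    print(secret_in_argv(cmdline_variant("SECRETDATA"), "SECRETDATA"))
```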