From: Eric Blake
Date: Tue, 24 Nov 2015 11:33:06 -0700
Subject: Re: [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypted x509 keys
To: "Daniel P. Berrange", qemu-devel@nongnu.org
Cc: Markus Armbruster
Message-ID: <5654AD62.2040206@redhat.com>
In-Reply-To: <1448377362-18117-6-git-send-email-berrange@redhat.com>
References: <1448377362-18117-1-git-send-email-berrange@redhat.com> <1448377362-18117-6-git-send-email-berrange@redhat.com>

On 11/24/2015 08:02 AM, Daniel P. Berrange wrote:
> Make use of the QCryptoSecret object to support loading of
> encrypted x509 keys. The optional 'passwordid' parameter
> to the tls-creds-x509 object type, provides the ID of a
> secret object instance that holds the decryption password
> for the PEM file.
>
>  # printf "123456" > mypasswd.txt
>  # $QEMU \
>     -object secret,id=sec0,filename=mypasswd.txt \
>     -object tls-creds-x509,passwordid=sec0,id=creds0,\
>             dir=/home/berrange/.pki/qemu,endpoint=server \
>     -vnc :1,tls-creds=creds0
>
> This requires QEMU to be linked to GNUTLS >= 3.1.11. If
> GNUTLS is too old an error will be reported if an attempt
> is made to pass a decryption password.
>
> Signed-off-by: Daniel P. Berrange
> ---
>  crypto/tlscredsx509.c         | 47 +++++++++++++++++++++++++++++++++++++++++++
>  include/crypto/tlscredsx509.h |  1 +
>  qemu-options.hx               |  8 +++++++-
>  3 files changed, 55 insertions(+), 1 deletion(-)

Reviewed-by: Eric Blake

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org