From: Eric Blake
Subject: Re: [Qemu-block] [Qemu-devel] [PATCH v3] crypto: Implement TLS Pre-Shared Keys (PSK).
Date: Thu, 28 Jun 2018 09:48:22 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0

On 06/28/2018 09:42 AM, Eric Blake wrote:
On 06/28/2018 08:22 AM, Richard W.M. Jones wrote:

In the subject line: most commit summaries don't have a trailing '.'.

Pre-Shared Keys (PSK) is a simpler mechanism for enabling TLS connections than using certificates. It requires only a simple secret key:

  $ mkdir -m 0700 /tmp/keys
  $ psktool -u rjones -p /tmp/keys/keys.psk
  $ cat /tmp/keys/keys.psk
  rjones:d543770c15ad93d76443fb56f501a31969235f47e999720ae8d2336f6a13fcbc

The key can be secretly shared between clients and servers. Clients must specify the directory containing the "keys.psk" file and a username (defaults to "qemu"). Servers must specify only the directory.

Example NBD client:

  $ qemu-img info \
    --object tls-creds-psk,id=tls0,dir=/tmp/keys,username=rjones,endpoint=client \
    --image-opts \
    file.driver=nbd,file.host=localhost,file.port=10809,file.tls-creds=tls0,file.export=/

Otherwise, I'm not spotting problems, but as it touches crypto, I'd also get Dan's review.
Because of the immediate use for NBD, I'm willing to take this through the NBD tree if Dan gives a review or ack. Or, if Dan wants it through the crypto tree (and my minor nits are addressed),
Acked-by: Eric Blake <address@hidden>

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
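
The quoted commit message keeps the shared secret in a "keys.psk" file of username:hexkey lines inside a 0700 directory, with clients defaulting to the username "qemu". The following pre-flight check for such a directory is an added example, not part of this email or of QEMU's code; the function name audit_psk_dir and the 16-byte minimum key length are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# One "username:hexkey" entry per line, as in the keys.psk shown in the commit message.
PSK_LINE = re.compile(r"^([^:\s]+):((?:[0-9a-fA-F]{2})+)$")
MIN_KEY_BYTES = 16  # assumed local policy floor, not a QEMU or GnuTLS limit


def audit_psk_dir(directory, username="qemu"):
    """Return findings for <directory>/keys.psk; an empty list means clean."""
    findings = []
    path = os.path.join(directory, "keys.psk")
    for target in (directory, path):
        try:
            mode = stat.S_IMODE(os.stat(target).st_mode)
        except OSError as exc:
            return findings + [f"{target}: {exc.strerror}"]
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{target}: mode {mode:04o} is open to group/other")
    users = set()
    with open(path, encoding="ascii", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line:
                continue
            match = PSK_LINE.match(line)
            if match is None:
                findings.append(f"line {lineno}: not in username:hexkey form")
                continue
            user, key_hex = match.groups()
            users.add(user)
            # Report only the length problem; never echo key material.
            if len(key_hex) // 2 < MIN_KEY_BYTES:
                findings.append(f"line {lineno}: key for {user!r} is under {MIN_KEY_BYTES} bytes")
    if username not in users:
        findings.append(f"no entry for username {username!r}")
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample, not a real key
        os.chmod(d, 0o700)
        psk = os.path.join(d, "keys.psk")
        with open(psk, "w") as fh:
            fh.write("rjones:" + "ab" * 32 + "\n")
        os.chmod(psk, 0o644)  # deliberately too permissive
        for finding in audit_psk_dir(d, "rjones"):
            print(finding)
```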