VirtualBox

Changeset 55478 in vbox


Timestamp:
Apr 28, 2015 12:15:15 PM (9 years ago)
Author:
vboxsync
Message:

Manual: Document disk encryption feature in the advanced topics section

File:
1 edited

  • trunk/doc/manual/en_US/user_AdvancedTopics.xml

    r55275 r55478  
    37283728  </sect1>
    37293729
     3730  <sect1 id="diskencryption">
     3731    <title>Encryption of disk images</title>
     3732
     3733    <para>
     3734      Starting with VirtualBox 5.0 it is possible to encrypt the data stored in
     3735      hard disk images transparently for the guest. It does not depend on a specific
     3736      image format to be used. Images which have the data encrypted are not portable
     3737      between VirtualBox and other virtualization software though.
     3738    </para>
     3739
     3740    <para>
     3741      VirtualBox uses the AES algorithm in XTS mode and supports 128 or 256 bit
     3742      data encryption keys (DEK).
     3743      The DEK is stored encrypted in the medium properties and is decrypted during
     3744      VM startup by entering a password which was chosen when the image was encrypted.
     3745    </para>
     3746
     3747    <sect2 id="diskencryption-limitations">
     3748      <title>Limitations</title>
     3749
     3750      <para>
     3751        There are some limitations the user needs to be aware of when using this
     3752        feature:
     3753      </para>
     3754
     3755      <itemizedlist>
     3756
     3757        <listitem>
     3758          <para>This feature is currently closed source and requires the Oracle extension
     3759            pack to be installed to work.</para>
     3760        </listitem>
     3761
     3762        <listitem>
     3763          <para>Because encryption works only on the stored user data
     3764            it is not possible to check for metadata integrity of the disk image currently.
     3765            Attackers might take advantage of this to remove or insert blocks of database
     3766            into the image or change certain metadata items such as the disk size.</para>
     3767        </listitem>
     3768
     3769        <listitem>
     3770          <para>Exporting appliances which contain encrypted disk images is not
     3771            possible because the OVF specification doesn't support this.
     3772            All images are therefore decrypted during export.</para>
     3773        </listitem>
     3774
     3775        <listitem>
     3776          <para>The DEK is kept in memory while the VM is running to be able to
     3777            decrpt data read and encrypt data written by the guest. While this should
     3778            be obvious the user needs to be aware of this because an attacker might be able
     3779            to extract the key on a compromised host and get access to the data later.</para>
     3780        </listitem>
     3781
     3782        <listitem>
     3783          <para>When encrypting or decrypting the images the password is passed unencrypted
     3784            via the Main API from the frontend to VBoxSVC. This needs to be kept in mind
     3785            especially when using third party frontends which make use of the webservice
     3786            where the password might be transmitted unencrypted over the network.</para>
     3787        </listitem>
     3788
     3789        <listitem>
     3790          <para>Encrypting images with differencing images is only possible if there
     3791            are no branches exisiting. This limitation will be lifted in the future.</para>
     3792        </listitem>
     3793
     3794      </itemizedlist>
     3795
     3796    </sect2>
     3797
     3798    <sect2 id="diskencryption-encryption">
     3799      <title>Encrypting disk images</title>
     3800
     3801      <para>
     3802        Encrypting disk images can be done either using the GUI or VBoxManage.
     3803        While the GUI is easier to use it works on a per VM basis and encrypts
     3804        all disk images attached to the specific VM.
     3805        With VBoxManage one can encrypt individual images (including all differencing
     3806        images). To encrypt an unencrypted medium with VBoxManage use:
     3807      </para>
     3808
     3809      <screen>VBoxManage encryptmedium "uuid|filename" --newpassword "file|-" --cipher "cipher id" --newpasswordid "id"</screen>
     3810
     3811      <para>
     3812        To supply the encryption password point VBoxManage to the file where the
     3813        password is stored or specify <computeroutput>-</computeroutput> to let VBoxManage
     3814        ask you for the password on the command line.
     3815      </para>
     3816      <para>
     3817        The cipher parameter specifies the cipher to use for encryption and can be either
     3818        <computeroutput>AES-XTS128-PLAIN64</computeroutput> or <computeroutput>AES-XTS256-PLAIN64</computeroutput>.
     3819        The specified password identifier can be freely chosen by the user and is
     3820        used for correct identification when supplying multiple passwords during
     3821        VM startup.
     3822      </para>
     3823      <para>
     3824        If the user uses the same password when encrypting multiple images and also the
     3825        same password identifier, the user needs to supply the password only once during
     3826        VM startup.
     3827      </para>
     3828    </sect2>
     3829
     3830    <sect2 id="diskencryption-startvm">
     3831      <title>Starting a VM with encrypted images</title>
     3832
     3833      <para>
     3834        When a VM is started using the GUI a dialog will open where the user
     3835        needs to enter all passwords for all encrypted images attached to the VM.
     3836        If another frontend like VBoxHeadless is used the VM will be paused as soon
     3837        as the guest tries to access an encrypted disk.
     3838        The user needs to provide the passwords through VBoxManage using the following
     3839        command:
     3840      </para>
     3841
     3842      <screen>VBoxManage controlvm "uuid|vmname" addencpassword "id" "password" [--removeonsuspend "yes|no"]</screen>
     3843
     3844      <para>
     3845        The <computeroutput>id</computeroutput> parameter must be the same as the password identifier
     3846        supplied when encrypting the images. <computeroutput>password</computeroutput> is the password
     3847        used when encrypting the images. The user can optionally specify
     3848        <computeroutput>--removeonsuspend "yes|no"</computeroutput> to specify whether
     3849        to remove the password from VM memory when the VM is suspended. Before the VM can be
     3850        resumed the user needs to supply the passwords again. This is useful when
     3851        a VM is suspended by a host suspend event and the user doesn't want
     3852        that the password remains in memory.
     3853      </para>
     3854    </sect2>
     3855
     3856    <sect2 id="diskencryption-decryption">
     3857      <title>Decrypting encrypted images</title>
     3858
     3859      <para>
     3860        In some circumstanes it might be required to decrypt previously encrypted
     3861        images. This can be done in the GUI for a complete VM or using VBoxManage
     3862        with the following command:
     3863      </para>
     3864
     3865      <screen>VBoxManage encryptmedium "uuid|filename" --oldpassword "file|-"</screen>
     3866
     3867      <para>
     3868        The only required parameter is the password the image was encrypted with.
     3869        The options are the same as for encrpting images.
     3870      </para>
     3871    </sect2>
     3872  </sect1>
     3873
    37303874</chapter>
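
Review bot: In the new diskencryption-startvm section (line 3842), `addencpassword "id" "password"` takes the password as a literal command-line argument, while `encryptmedium` at line 3809 accepts `"file|-"`. An argument passed this way is visible in the host's process listing and in shell history, and the Limitations list only covers the password travelling unencrypted through the Main API. Either add this exposure to the Limitations list, or describe a file or prompt form here if the command supports one. The paragraph at 3847-3849 should also state the default for `--removeonsuspend`. Smaller points in the same hunk: "blocks of database" at 3765 reads as if "blocks of data" was meant; the decryption section says "The options are the same as for encrpting images" although the screen at 3865 only shows `--oldpassword`; and there are typos at 3777 ("decrpt"), 3791 ("exisiting"), 3860 ("circumstanes") and 3869 ("encrpting").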