VirtualBox

Opened 7 years ago

Last modified 7 years ago

#16781 new defect

Strange handling of encryption keys in case of encrypted media vs. encrypted VM.

Reported by: Thorsten Schöning
Owned by:
Component: virtual disk
Version: VirtualBox 5.1.22
Keywords:
Cc:
Guest type: Linux
Host type: Linux

Description

I have created a new medium and encrypted it according to the docs[1] WITHOUT attaching it to a VM first. This succeeded and made me wonder where the encryption keys got saved? According to some blog posts and because of tests I made before with encryption on VM level, those should be saved in the XML config of a VM, but in my case I didn't have a VM the media was attached to. I had a look in the global configuration file of the user running the VBoxManage command as well and didn't find any keys.

So where should the keys be saved if only a new medium was created and encrypted, e.g. using VBoxManage, WITHOUT attaching that medium to a VM before encryption?

Afterwards I attached the newly created, encrypted media to some test VM and at some point recognized keys in the XML config of the test VM. Did some testing and stuff and removed the medium from the test VM again to attach it to another VM. But looking at the config of the first test VM, the keys of the re-attached medium are still present there, not in the VM where the medium is currently attached to. Additionally, it is really ONLY attached to the new VM, not the former test VM anymore.

Shouldn't the keys now be part of the one and only VM the medium is attached to? I'm supposed to back up the keys for all media, but how should I do that reliably if I can't be sure where the keys are actually stored? In my case the first VM was for test purposes, the second for production. What happens if I delete the test VM now, still containing the keys of my encrypted medium, even if it's not attached anymore?

I couldn't find any more detailed documentation about where VirtualBox stores the keys when and if/how/when those parts of the config are moved in case of attaching and removing encrypted media from VMs. Looking at how important those keys are, I strongly suggest adding some paragraphs to the docs on how to deal with those and what VirtualBox does automatically. Or not at all, because in my case it doesn't seem to move case around as expected...

[1]: https://www.virtualbox.org/manual/ch09.html#diskencryption-encryption

Change History (1)

comment:1 by Thorsten Schöning, 7 years ago

There's a discussion in the user forum suggesting that docs should really be improved regarding things like unattached images, DEKs movement or not in case of attaching images to other VMs etc.

https://forums.virtualbox.org/viewtopic.php?f=1&t=83217
