VirtualBox

Ticket #1765 (new enhancement)

Opened 6 years ago

Last modified 7 months ago

Encrypted virtual disk

Reported by: leto
Owned by:
Priority: minor
Component: virtual disk
Version: VirtualBox 1.6.2
Keywords: encryption
Cc:
Guest type: other
Host type: other

Description

Can VirtualBox encrypt virtual disks? The code is all out there, and well understood. Linux drivers for example exist to use a pass phrase to encrypt block devices. I wonder if that could be integrated into VirtualBox so that all guests running on any host can benefit.

One use case for VirtualBox is when using a work laptop for private purposes, say reading email, playing the odd game etc. A good way to do this is to install your favourite OS in a VirtualBox, and to encrypt it in case of loss or even worse, an audit! This way you avoid the potential problems of installing your own software on a work machine.

So, possible? Probable?

Change History

comment:1 Changed 6 years ago by sandervl73

It could, but why should it? Just use your favourite encryption utility/file system to encrypt and decrypt the harddisk containers on the fly.

comment:2 Changed 6 years ago by leto

Well, I can think of two scenarios there.

  1. Use the guest encryption support. Unfortunately not all OS's support this option. Certainly it is only the most recent Linux distributions that make this easy enough for mortals.
  2. Use the host encryption support. Possibly a better plan, but once decrypted it is available for all apps, not just that VM, and it remains accessible long after the VM has shut down. In my case, it would also mean trusting MS encryption, which I have difficulty with having seen the quality of their latest products.

This is why I think that direct VM support would be better. Still, you may disagree with my points, or with the general need. C'est la vie.

comment:3 Changed 6 years ago by sandervl73

I'm not arguing about the usefulness of encryption, but just don't agree that VirtualBox should be responsible.

Another option is to use two VMs. One exports an encrypted block device that the 2nd one boots from.

comment:4 Changed 6 years ago by frank

  • Component changed from other to virtual disk

comment:5 Changed 6 years ago by NeBlackCat

I'd like to support this feature request.

Yes, you can use a third party FOS cross platform encryption tool, with TrueCrypt being the obvious choice. But it adds complexity for the end user. You have to store your container file somewhere, then mount it to some drive letter (say we're in Windows), then point VirtualBox to a VDI file on it, which requires that you do things in the right order (or VirtualBox, which manages virtual disks centrally and assumes they're always visible, will complain that it can't find it when it's started). And what if you want to store each virtual disk encrypted with its own password? Then you end up having to use multiple drive letters and things get even more messy.

If VirtualBox supported encrypted VDIs out of the box, none of that would apply and, as hard disk encryption is a common need these days, it would have a nice "sales feature" that is easy to use and, as far as I can recall, none of its competitors have.

If it were me, I'd be tempted to align VirtualBox with TrueCrypt and adopt its container format in a new revision of the VDI format, allowing TrueCrypt to be called to handle the encryption without VirtualBox having to do any encryption stuff itself.

comment:6 Changed 4 years ago by Technologov

This feature is still relevant for VBox 3.1 and looks interesting.

-Technologov

comment:7 Changed 3 years ago by Technologov

I forgot about this wish long ago, and by mistake opened a duplicate, #7663.

I agree with NeBlackCat's arguments.

-Technologov

comment:8 Changed 3 years ago by michael

In the meantime, for Linux hosts there is at least one solution (ecryptfs) to encrypt just a few files on your drive. Never tried it so I don't know if it is good or not. I'm sure there must be solutions for Windows and OS X too.

comment:9 Changed 3 years ago by Technologov

TrueCrypt is a cross-platform solution, and a real 'hidden gem' software.

Just would be nice to have some solution integrated with VBox.

-Technologov

comment:10 Changed 3 years ago by ni81036

I'm unsure why people are so persistent in asking for this feature. Using TrueCrypt (of which I'm a long-time user) on the host and storing the disk image there makes sure that key mgmt, along with secure buffering and features like deniability, are done by software designed exactly for that purpose.

Adding simple block-level encryption/decryption is, probably, feasible, but the really hard part lies in the features mentioned above. After all, feel free to write a patch for the encryption feature, although I wouldn't guarantee it will be accepted.

comment:11 Changed 7 months ago by complier

Why don't you just do this, since so many people are asking for it? This would be an extremely useful feature.

It wouldn't require installing anything on the host computer.

PLEASE implement this!
