On Fri, Jun 29, 2018 at 12:55:16AM +0300, Nir Soffer wrote:
> I don't think we should make it easy to have static files with
> many keys and user names. Shared key should be used exactly once,
> for single operation. This means that you cannot lose the key and
> you don't need to manage it.
>
> It would be best if we could pass the key to without writing it to
> actual file so we don't have to clean it up later.

This is true, but it's difficult to pass the key securely to the
server except through a temporary file or a pipe.  Note that
--tls-psk as proposed allows both (using a bit of bash trickery):

  nbdkit --tls-psk=/tmp/keys.psk
  nbdkit --tls-psk=<( my-secure-key-generating-program )

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
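
Added example, not part of the original thread or of nbdkit: a bash sketch of the two options discussed above, showing what a reader of the --tls-psk path sees when it is a process substitution versus a temporary file. It assumes GnuTLS-style "username:hexkey" PSK lines; the user name nbd-client-1 and the helper names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Assumes PSK file lines of the form "username:hexkey".

# Emit one "user:hexkey" line with a fresh 256-bit key from the kernel CSPRNG.
gen_psk_line() {
    local user=$1 key
    key=$(head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n')
    printf '%s:%s\n' "$user" "$key"
}

# Stand-in for a program that is handed a key path: report whether the path
# is a pipe or a regular file, and how many bytes a first and a second
# open-and-read of it return.
inspect_key_source() {
    local path=$1 kind=regular first second
    if [ -p "$path" ]; then kind=pipe; fi
    first=$(wc -c < "$path")
    second=$(wc -c < "$path")
    printf '%s %s %s\n' "$kind" "$((first))" "$((second))"
}

# Generate the key once so the same value can also be given to the client.
# printf is a bash builtin, so the key does not show up in any argv.
line=$(gen_psk_line nbd-client-1)

# Option 1: pipe. Nothing lands on disk and nothing needs cleaning up, but
# the data is gone after the first read.
inspect_key_source <(printf '%s\n' "$line")

# Option 2: temporary file. Readable repeatedly, so it needs tight
# permissions (umask 077 gives mode 0600) and explicit removal afterwards.
tmp=$(umask 077 && mktemp)
printf '%s\n' "$line" > "$tmp"
inspect_key_source "$tmp"
rm -f "$tmp"

# With the option proposed in the thread, the pipe form would be:
#   nbdkit --tls-psk=<(printf '%s\n' "$line")
```

A consumer that opens the key path more than once gets an empty second read in the pipe case, which is worth checking before relying on the pipe form.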
