Am 18.03.2014 um 14:30 hat Daniel P. Berrange geschrieben: > Also, we shouldn't be focusing on QCow2 here. While we're certainly > aiming to obsolete QCow2's encryption, we should be aiming to cover > any of the drivers. eg people using the built-in rbd/iscsi/gluster/nfs > backends want to be able to use encryption too - we don't want to > force them to abandon the QEMU native block drivers and go to the > kernel for these network protocols just to use encryption.
I think the part that the qcow2 block driver should be contributing is just that it can automatically create an encryption layer if the image file header contains a flag that this new encryption mechanism is used. This way a similar interface as before could be provided, where the user basically just says '-hda encrypted.qcow2' and qemu will ask for the password. Kevin
