I re-build qemu from the https://github.com/qemu/qemu, and it didn't show any errors.
I tried the cmd you suggested below: > qemu-nbd --object secret,id=sec0,file=passwd.txt,format=raw \ > -c /dev/nbd0 \ > --image-opts driver=qcow2,file.filename= > demo.qcow2,encrypt.format=luks,encrypt.key-secret=sec0 but it shows unrecognized option '--object ' why?I missed to install something? 2017-07-20 17:12 GMT+08:00 Daniel P. Berrange <berra...@redhat.com>: > On Thu, Jul 20, 2017 at 05:07:49PM +0800, 陳培泓 wrote: > > oh~ I don't know can expose the LUKS encryption. I'm sure the older(AES) > > can't be mounted by qemu-nbd. > > It can be mounted, with current git master (all the commands I show > below are for git master btw). > > You should, however, *never* use the old AES format any more. It is > broken by design and not considered secure. > > > If I encrypt by the command you recommended: > > > > > qemu-nbd --object secret,id=sec0,file=passwd.txt,format=raw \ > > > --image-opts driver=qcow2,file.filename= > > > demo.qcow2,encrypt.format=luks,encrypt.key-secret=sec0 > > This *is* exposing the encrypted file - not creating it. If you > want to connect to a host nbd device then you use the command > above, with the -c arg > > $ qemu-nbd --object secret,id=sec0,file=passwd.txt,format=raw \ > -c /dev/nbd0 \ > --image-opts driver=qcow2,file.filename= > demo.qcow2,encrypt.format=luks,encrypt.key-secret=sec0 > > > If you have a legacy AES qcow2 file the syntax is very similar > > $ qemu-nbd --object secret,id=sec0,file=passwd.txt,format=raw \ > -c /dev/nbd0 \ > --image-opts driver=qcow2,file.filename= > demo.qcow2,encrypt.format=aes,encrypt.key-secret=sec0 > > Note we just changed the encrypt.format parameter there. > > > To actually create an encrypted file in the first place you need the > qemu-img command > > $ qemu-img create --object secret,id=sec0,file=passwd.txt,format=raw \ > -f qcow2 -o encrypt.format=luks,encrypt.key-secret=sec0 \ > demo.qcow2 1G > > > Regards, > Daniel > -- > |: https://berrange.com -o- https://www.flickr.com/photos/ > dberrange :| > |: https://libvirt.org -o- > https://fstop138.berrange.com :| > |: https://entangle-photo.org -o- https://www.instagram.com/ > dberrange :| >