crypto: Implement TLS Pre-Shared Keys (PSK). - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Richard W.M. Jones	2018-07-03 10:03:03 +0200
committer	Daniel P. Berrangé	2018-07-03 14:04:38 +0200
commit	e1a6dc91ddb55ef77a705b62b6e62634631fd57d (patch)
tree	d5f8bd5ceacbe81dce54056209efa0fffe3a52c7 /hw/usb/hcd-ehci.c
parent	Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2018-07-02' into st... (diff)
download	qemu-e1a6dc91ddb55ef77a705b62b6e62634631fd57d.tar.gz qemu-e1a6dc91ddb55ef77a705b62b6e62634631fd57d.tar.xz qemu-e1a6dc91ddb55ef77a705b62b6e62634631fd57d.zip

crypto: Implement TLS Pre-Shared Keys (PSK).

Pre-Shared Keys (PSK) is a simpler mechanism for enabling TLS connections than using certificates. It requires only a simple secret key: $ mkdir -m 0700 /tmp/keys $ psktool -u rjones -p /tmp/keys/keys.psk $ cat /tmp/keys/keys.psk rjones:d543770c15ad93d76443fb56f501a31969235f47e999720ae8d2336f6a13fcbc The key can be secretly shared between clients and servers. Clients must specify the directory containing the "keys.psk" file and a username (defaults to "qemu"). Servers must specify only the directory. Example NBD client: $ qemu-img info \ --object tls-creds-psk,id=tls0,dir=/tmp/keys,username=rjones,endpoint=client \ --image-opts \ file.driver=nbd,file.host=localhost,file.port=10809,file.tls-creds=tls0,file.export=/ Example NBD server using qemu-nbd: $ qemu-nbd -t -x / \ --object tls-creds-psk,id=tls0,endpoint=server,dir=/tmp/keys \ --tls-creds tls0 \ image.qcow2 Example NBD server using nbdkit: $ nbdkit -n -e / -fv \ --tls=on --tls-psk=/tmp/keys/keys.psk \ file file=disk.img Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Diffstat (limited to 'hw/usb/hcd-ehci.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: