From 89379fcecf3b8ae5e42907e0252a080858044c35 Mon Sep 17 00:00:00 2001 From: Josephine Seifert Date: Mon, 2 Sep 2019 14:34:24 +0200 Subject: [PATCH] Added os-brick adjustments in the Image Encryption spec A description for the changes in os-brick is added to this spec. Change-Id: Icc5a393b6ed5ab162d2456531500de0508949251 Co-Authored-By: Markus Hentsch --- specs/train/image-encryption.rst | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/specs/train/image-encryption.rst b/specs/train/image-encryption.rst index 318ab914..8e7ffc78 100644 --- a/specs/train/image-encryption.rst +++ b/specs/train/image-encryption.rst @@ -140,6 +140,15 @@ used to encrypt an image, we will let Glance register as a consumer of that key (secret in Barbican [1]) when the corresponding encrypted image is uploaded and unregister as a consumer when the image is deleted in Glance. +The methods for encryption and decryption of files - in this case images - +will be written in a driver like manner in os-brick so the image encryption +can be extended with another encryption format easily. The encryption driver +should focus a specific encryption format and implement exactly one encrypt +and one decrypt method, both based on a cipher implementation of GPG aes. +This driver may be simple wrappers around an existing implementation. An +abstract base class should be defined and be used for the implementation of +GPG encryption (and might be used for other implementations in the future). + Alternatives ------------ @@ -240,7 +249,7 @@ Other deployer impact Developer impact ---------------- -* To use the encoding and decoding of images in the library, we need to +* To use the encoding and decoding of images in os-brick, we need to execute priviledged functions. We decided to use privsep for this as in nova. 
@@ -274,6 +283,8 @@ Work Items creating encrypted images from volumes using the proposed image encryption format (GPG) +* Add encryption and decryption methods for the GPG format in os-brick + Dependencies ============ @@ -328,5 +339,5 @@ History * - Release Name - Description - * - Stein + * - Train - Introduced
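Review bot: In the paragraph added at @@ -140,6 +140,15 @@, the phrase "both based on a cipher implementation of GPG aes" puts a GPG-specific requirement on a driver interface that the same paragraph says should be easy to extend with other encryption formats. Suggest moving the GPG/AES requirement into the description of the GPG driver and keeping the abstract base class format-neutral (one encrypt and one decrypt method). The paragraph also leaves the cipher parameters open. It should state the AES key size and how the driver receives the key that the preceding context describes as a secret in Barbican. Wording: "driver like manner" should be "driver-like manner", "should focus a specific encryption format" is missing "on", and "This driver may be simple wrappers" mixes singular and plural.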
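Review bot: In the bullet changed at @@ -240,7 +249,7 @@, the unchanged continuation line still reads "execute priviledged functions". Since this change already touches the bullet, correct the spelling to "privileged" here too. The bullet also does not say which os-brick operations need elevated privileges. Naming them would let reviewers check that the privsep context covers only those calls and nothing broader.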
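Review bot: The work item added at @@ -274,6 +283,8 @@ covers only "encryption and decryption methods for the GPG format in os-brick" and omits the abstract base class that the paragraph added in the first hunk says should be defined. Suggest naming the base class in this item or adding a separate item for it, so the extensibility described in the spec is tracked as work.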