Encrypted volumes doc should use 256 bit key

The sample command uses a key size of 512 bits for an xts cipher.
While this is actually a valid key size and cipher for a typical
cryptsetup configuration, a key size of 512 bits does not play
nicely with the key managers, since generally they do not exceed
256 bits.

Changed the key from 512 to 256 becacuse standard key manager like
any of the production-ready key managers OpenStack uses, mostly do
not support 512 bit AES keys.

Change-Id: I795d28120f86fa22b2eaeee44c6dc5c4aa40c8c3
Closes-Bug: 1616239
This commit is contained in:
Akshil Verma 2016-12-21 11:18:00 -06:00
parent 8e68fe1eaf
commit 39c5121c4c

View File

@ -77,12 +77,12 @@ the volume.
.. code-block:: console
$ cinder encryption-type-create --cipher aes-xts-plain64 --key_size 512 \
$ cinder encryption-type-create --cipher aes-xts-plain64 --key_size 256 \
--control_location front-end LUKS nova.volume.encryptors.luks.LuksEncryptor
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
| Volume Type ID | Provider | Cipher | Key Size | Control Location |
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
| e64b35a4-a849-4c53-9cc7-2345d3c8fbde | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 512 | front-end |
| e64b35a4-a849-4c53-9cc7-2345d3c8fbde | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 256 | front-end |
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
The OpenStack dashboard (horizon) supports creating the encrypted