Encrypted volumes doc should use 256 bit key
The sample command uses a key size of 512 bits for an xts cipher. While this is actually a valid key size and cipher for a typical cryptsetup configuration, a key size of 512 bits does not play nicely with the key managers, since generally they do not exceed 256 bits. Changed the key from 512 to 256 becacuse standard key manager like any of the production-ready key managers OpenStack uses, mostly do not support 512 bit AES keys. Change-Id: I795d28120f86fa22b2eaeee44c6dc5c4aa40c8c3 Closes-Bug: 1616239
This commit is contained in:
parent
8e68fe1eaf
commit
39c5121c4c
@ -77,12 +77,12 @@ the volume.
|
||||
.. code-block:: console
|
||||
|
||||
|
||||
$ cinder encryption-type-create --cipher aes-xts-plain64 --key_size 512 \
|
||||
$ cinder encryption-type-create --cipher aes-xts-plain64 --key_size 256 \
|
||||
--control_location front-end LUKS nova.volume.encryptors.luks.LuksEncryptor
|
||||
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
|
||||
| Volume Type ID | Provider | Cipher | Key Size | Control Location |
|
||||
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
|
||||
| e64b35a4-a849-4c53-9cc7-2345d3c8fbde | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 512 | front-end |
|
||||
| e64b35a4-a849-4c53-9cc7-2345d3c8fbde | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 256 | front-end |
|
||||
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
|
||||
|
||||
The OpenStack dashboard (horizon) supports creating the encrypted
|
||||
|
Loading…
x
Reference in New Issue
Block a user