If no --encryption-format specified at all, default to "luks" for each
specified --encryption-passphrase-file.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
One of the stated goals is compatibility with standard LUKS tools,
in particular being able to load encryption on images formatted with
cryptsetup. cryptsetup doesn't do this and this really interferes
with randomly generated (binary) passphrases.
While at it, open passphrase files as binary -- it communicates the
intent if nothing else on POSIX.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
This commit adds the encryption format support for cloned images via the RBD cli,
making the child image be encrypted with a key different from it parent,
while keeping the child thinly-provisioned.
Additionally, other APIs are extended to support flattening of such images.
Signed-off-by: Or Ozeri <oro@il.ibm.com>
This commits extends rbd API's to allow the user to load encryption
using either LUKS1 or LUKS2 formats, without explicitly specifying which.
Prior, the user had to specify explicitly LUKS1 or LUKS2.
Signed-off-by: Or Ozeri <oro@il.ibm.com>
