| 1 | <?xml version='1.0' encoding='UTF-8'?>
|
|---|
| 2 | <!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
|
|---|
| 3 | <topic xml:lang="en-us" id="vmencryption">
|
|---|
| 4 | <title>Encryption of VMs</title>
|
|---|
| 5 |
|
|---|
| 6 | <body>
|
|---|
| 7 | <p>
|
|---|
| 8 | Oracle VM VirtualBox enables you to transparently encrypt the VM data
|
|---|
| 9 | stored in the configuration file, saved state, and EFI boot data
|
|---|
| 10 | for the guest.
|
|---|
| 11 | </p>
|
|---|
| 12 | <p>
|
|---|
| 13 | Oracle VM VirtualBox uses the AES algorithm in various modes. The
|
|---|
| 14 | selected mode depends on the encrypting component of the VM.
|
|---|
| 15 | Oracle VM VirtualBox supports 128-bit or 256-bit data encryption keys
|
|---|
| 16 | (DEK). The DEK is stored encrypted in the VM configuration file
|
|---|
| 17 | and is decrypted during VM startup.
|
|---|
| 18 | </p>
|
|---|
| 19 | <p>
|
|---|
| 20 | Since the DEK is stored as part of the VM configuration file, it
|
|---|
| 21 | is important that the file is kept safe. Losing the DEK means that
|
|---|
| 22 | the data stored in the VM is lost irrecoverably. Having complete
|
|---|
| 23 | and up to date backups of all data related to the VM is the
|
|---|
| 24 | responsibility of the user.
|
|---|
| 25 | </p>
|
|---|
| 26 | <p>
|
|---|
| 27 | The VM, even if it is encrypted, may contain media encrypted with
|
|---|
| 28 | different passwords. To deal with this, the password for the VM
|
|---|
| 29 | has a password identifier, in the same way as passwords for media.
|
|---|
| 30 | The password ID is an arbitrary string which uniquely identifies
|
|---|
| 31 | the password in the VM and its media. You can use the same
|
|---|
| 32 | password and ID for both the VM and its media.
|
|---|
| 33 | </p>
|
|---|
| 34 | </body>
|
|---|
| 35 | </topic>
|
|---|
