Added os-brick adjustments in the Image Encryption spec

A description for the changes in os-brick is added to this spec.

Change-Id: Icc5a393b6ed5ab162d2456531500de0508949251
Co-Authored-By: Markus Hentsch <markus.hentsch@secustack.com>
Josephine Seifert 2019-09-02 14:34:24 +02:00
parent 256a502613
commit 89379fcecf

@ -140,6 +140,15 @@ used to encrypt an image, we will let Glance register as a consumer of that
key (secret in Barbican [1]) when the corresponding encrypted image is
uploaded and unregister as a consumer when the image is deleted in Glance.
The methods for encryption and decryption of files - in this case images -
will be written in a driver like manner in os-brick so the image encryption
can be extended with another encryption format easily. The encryption driver
should focus a specific encryption format and implement exactly one encrypt
and one decrypt method, both based on a cipher implementation of GPG aes.
This driver may be simple wrappers around an existing implementation. An
abstract base class should be defined and be used for the implementation of
GPG encryption (and might be used for other implementations in the future).
Alternatives
------------
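
Review bot: In the added paragraph, "both based on a cipher implementation of GPG aes" is written as a requirement on every encryption driver, which conflicts with the preceding sentence about extending the scheme with other encryption formats. Suggest moving the GPG/AES requirement to the GPG driver only and naming the cipher precisely (key length at minimum) so the format is reproducible across implementations. Wording in the same paragraph: "driver like manner" should be "driver-like manner", "should focus a specific encryption format" is missing "on", and "This driver may be simple wrappers" should agree in number ("These drivers may be simple wrappers").
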
@ -240,7 +249,7 @@ Other deployer impact
Developer impact
----------------
* To use the encoding and decoding of images in the library, we need to
* To use the encoding and decoding of images in os-brick, we need to
execute priviledged functions. We decided to use privsep for this as in
nova.
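
Review bot: The changed bullet still says "encoding and decoding of images", while the rest of the spec talks about encryption and decryption; use the same terms here so it is clear the bullet refers to the new os-brick methods. The bullet also does not say which of those operations need privilege; listing them would let reviewers check that the privsep context is scoped to those calls only. "priviledged" in the following line should be "privileged".
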
@ -274,6 +283,8 @@ Work Items
creating encrypted images from volumes using the proposed image encryption
format (GPG)
* Add encryption and decryption methods for the GPG format in os-brick
Dependencies
============
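
Review bot: The new work item covers only the GPG encryption and decryption methods, but the paragraph added at line 140 of the spec also calls for an abstract base class in os-brick, and Developer impact names privsep for the privileged calls. Suggest adding the base class as its own work item (or folding it into this bullet) so both pieces are tracked.
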
@ -328,5 +339,5 @@ History
* - Release Name
- Description
* - Stein
* - Train
- Introduced