| 1 | <?xml version='1.0' encoding='UTF-8'?>
|
|---|
| 2 | <!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
|
|---|
| 3 | <topic xml:lang="en-us" id="diskencryption">
|
|---|
| 4 | <title>Encryption of Disk Images</title>
|
|---|
| 5 |
|
|---|
| 6 | <body>
|
|---|
| 7 | <p><ph conkeyref="vbox-conkeyref-phrases/product-name"/> enables you to transparently encrypt the data stored in
|
|---|
| 8 | hard disk images for the guest. It does not depend on a specific image format to be used. Images which have the
|
|---|
| 9 | data encrypted are not portable between <ph conkeyref="vbox-conkeyref-phrases/product-name"/> and other
|
|---|
| 10 | virtualization software. </p>
|
|---|
| 11 | <p><ph conkeyref="vbox-conkeyref-phrases/product-name"/> uses the AES algorithm in XTS mode and supports 128-bit or
|
|---|
| 12 | 256-bit data encryption keys (DEK). The DEK is stored encrypted in the medium properties and is decrypted during
|
|---|
| 13 | VM startup by entering a password which was chosen when the image was encrypted. </p>
|
|---|
| 14 | <p>Since the DEK is stored as part of the VM configuration file, it is important that it is kept safe. Losing the
|
|---|
| 15 | DEK means that the data stored in the disk images is lost irrecoverably. Having complete and up-to-date backups of
|
|---|
| 16 | all data related to the VM is the responsibility of the user. </p>
|
|---|
| 17 | </body>
|
|---|
| 18 | </topic>
|
|---|
