| 1 | <?xml version='1.0' encoding='UTF-8'?>
|
|---|
| 2 | <!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
|
|---|
| 3 | <topic xml:lang="en-us" id="vmencryption">
|
|---|
| 4 | <title>Encryption of VMs</title>
|
|---|
| 5 |
|
|---|
| 6 | <body>
|
|---|
| 7 | <p><ph conkeyref="vbox-conkeyref-phrases/product-name"/> enables you to transparently encrypt the VM data stored in
|
|---|
| 8 | the configuration file, saved state, and EFI boot data for the guest. </p>
|
|---|
| 9 | <p><ph conkeyref="vbox-conkeyref-phrases/product-name"/> uses the AES algorithm in various modes. The selected mode
|
|---|
| 10 | depends on the encrypting component of the VM. <ph conkeyref="vbox-conkeyref-phrases/product-name"/> supports
|
|---|
| 11 | 128-bit or 256-bit data encryption keys (DEK). The DEK is stored encrypted in the VM configuration file and is
|
|---|
| 12 | decrypted during VM startup. </p>
|
|---|
| 13 | <p>Since the DEK is stored as part of the VM configuration file, it is important that the file is kept safe. Losing
|
|---|
| 14 | the DEK means that the data stored in the VM is lost irrecoverably. Having complete and up-to-date backups of all
|
|---|
| 15 | data related to the VM is the responsibility of the user. </p>
|
|---|
| 16 | <p>The VM, even if it is encrypted, may contain media encrypted with different passwords. To deal with this, the
|
|---|
| 17 | password for the VM has a password identifier, in the same way as passwords for media. The password ID is an
|
|---|
| 18 | arbitrary string which uniquely identifies the password in the VM and its media. You can use the same password and
|
|---|
| 19 | ID for both the VM and its media. </p>
|
|---|
| 20 | </body>
|
|---|
| 21 | </topic>
|
|---|
