1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
|
<?xml version="1.0" encoding="UTF-8"?>
<!--
manpage, user manual, usage: VBoxManage encryptmedium
-->
<!--
Copyright (C) 2006-2024 Oracle and/or its affiliates.
This file is part of VirtualBox base platform packages, as
available from https://www.virtualbox.org.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation, in version 3 of the
License.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, see <https://www.gnu.org/licenses>.
SPDX-License-Identifier: GPL-3.0-only
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[
<!ENTITY % all.entities SYSTEM "all-entities.ent">
%all.entities;
]>
<refentry id="vboxmanage-encryptmedium" lang="en">
<refentryinfo>
<pubdate>$Date: 2024-09-16 16:03:52 +0200 (Mon, 16 Sep 2024) $</pubdate>
<title>VBoxManage encryptmedium</title>
</refentryinfo>
<refmeta>
<refentrytitle>VBoxManage-encryptmedium</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>VBoxManage-encryptmedium</refname>
<refpurpose>manage a DEK-encrypted medium or image</refpurpose>
<refclass>&product-name;</refclass>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis id="synopsis-vboxmanage-encryptmedium">
<!-- The 'id' is mandatory and must start with 'synopsis-'. -->
<command>VBoxManage encryptmedium</command>
<group choice="req">
<arg choice="plain"><replaceable>uuid</replaceable></arg>
<arg choice="plain"><replaceable>filename</replaceable></arg>
</group>
<arg>--cipher=<replaceable>cipher-ID</replaceable></arg>
<arg>--newpassword=<replaceable>password</replaceable></arg>
<arg>--newpasswordid=<replaceable>password-ID</replaceable></arg>
<arg>--oldpassword=<replaceable>password</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id="vboxmanage-encryptmedium-description">
<title>Description</title>
<para>
The <command>VBoxManage encryptmedium</command> command enables
you to create and manage a DEK-encrypted medium or image. You can
encrypt an image, decrypt an image, and change the encryption
password of an image. See
<xref linkend="diskencryption-encryption" />.
</para>
<variablelist>
<varlistentry>
<term><replaceable>uuid</replaceable> | <replaceable>filename</replaceable></term>
<listitem><para>
Specifies the Universally Unique Identifier (UUID) or the
absolute path name of the medium or image to encrypt.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--newpassword=<replaceable>password</replaceable></option></term>
<listitem><para>
Specifies the new encryption password.
<replaceable>password</replaceable> is either the absolute
path name of a password file on the host operating system or
<literal>-</literal>, which prompts you for the password.
</para><para>
You must use the <option>--newpasswordid</option> option
with this <option>--newpassword</option> option.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--oldpassword=<replaceable>password</replaceable></option></term>
<listitem><para>
Specifies the original encryption password.
<replaceable>password</replaceable> is either the absolute
path name of a password file on the host operating system or
<literal>-</literal>, which prompts you for the original
password.
</para><para>
This option enables you to gain access to an encrypted
medium or image to do the following:
</para><itemizedlist>
<listitem><para>
Decrypt an encrypted image by using this option by
itself.
</para></listitem>
<listitem><para>
Change the password of the encrypted image by using the
<option>--newpassword</option> option.
</para></listitem>
<listitem><para>
Change the encryption cipher of the image by using the
<option>--cipher</option> option.
</para></listitem>
</itemizedlist></listitem>
</varlistentry>
<varlistentry>
<term><option>--cipher=<replaceable>cipher-ID</replaceable></option></term>
<listitem><para>
Specifies the cipher to use for encryption. Valid values are
<literal>AES-XTS128-PLAIN64</literal> or
<literal>AES-XTS256-PLAIN64</literal>.
</para><para>
This option enables you to set up or change encryption on
the medium or image.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--newpasswordid=<replaceable>password-ID</replaceable></option></term>
<listitem><para>
Specifies a new password identifier that is used for correct
identification when supplying multiple passwords during VM
startup.
</para><para>
If you use the same password and password identifier when
encrypting multiple images, you need to supply the password
only one time during VM startup.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="vboxmanage-encryptmedium-examples">
<title>Examples</title>
<remark role="help-scope" condition="GLOBAL"/>
<para>
The following example shows how to encrypt the
<filename>ol7u4-1.vdi</filename> image by using the
<literal>AES-XTS128-PLAIN64</literal> cipher, specifying a
password identifier of <literal>1001</literal>, and using the
<filename>$HOME/pwfile</filename> password file:
</para>
<screen>$ VBoxManage encryptmedium "$HOME/VirtualBox VMs/ol7u4/ol7u4-1.vdi" \
--cipher="AES-XTS128-PLAIN64" --newpasswordid="1001" --newpassword=$HOME/pwfile</screen>
<para>
The following example shows how to decrypt an encrypted image
called <filename>ol7u4-2.vdi</filename>:
</para>
<screen>$ VBoxManage encryptmedium "$HOME/VirtualBox VMs/ol7u4/ol7u4-2.vdi" \
--oldpassword=-
Password: <replaceable>original-password</replaceable></screen>
<para>
The following example shows how to change the password for an
encrypted image called <filename>ol7u4-3.vdi</filename>. The
command reads the original password from the
<filename>$HOME/pwfile.orig</filename> file, reads the new
password from the <filename>$HOME/pwfile</filename> file, and
assigns a password identifier of <literal>1001</literal>.
</para>
<screen>$ VBoxManage encryptmedium "$HOME/VirtualBox VMs/ol7u4/ol7u4-3.vdi" \
--oldpassword=$HOME/pwfile.orig --newpassword=$HOME/pwfile --newpasswordid="1001"</screen>
</refsect1>
</refentry>
|
