container encryption

Discussions related to using VirtualBox on Windows hosts.
Post Reply
octopis
Posts: 2
Joined: 4. Oct 2021, 20:09
Primary OS: MS Windows 10
VBox Version: OSE self-compiled
Guest OSses: windows xp
Contact:

container encryption

Post by octopis »

Hi, could I encrypt virtual container, or its better directly create virtual machine inside an encrypted disk like truecrypt? Or it will slow down loading of virtual system?
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: container encryptiom

Post by scottgus1 »

A Virtualbox "container" (which we call the guest or the VM) consists of a folder containing a .vbox file (which is the VM's 'motherboard' so-to-speak) and one or more disk files.

Virtualbox supports encrypting only the VM's disk file(s), nothing else. There is an encryption key included in the .vbox file. The key works with your password to run the disk file. You must back up the .vbox file to preserve that key. If the key is lost, the disk file cannot be decrypted.

You can also run a Virtualbox VM on an encrypted host-PC volume (like TrueCrypt). I would not encrypt the VM itself through Virtualbox if the VM is going to be stored on an encrypted host volume. Double encryption might slow down the VM.
octopis wrote:its better
If the question is about speed, I'd say either Virtualbox encryption or TrueCrypt-style encryption but not both. You can always try an experiment.

Note again that no recovery methods are available if the .vbox file's encryption key is lost. Backupas are imperative.
octopis
Posts: 2
Joined: 4. Oct 2021, 20:09
Primary OS: MS Windows 10
VBox Version: OSE self-compiled
Guest OSses: windows xp
Contact:

Re: container encryptiom

Post by octopis »

Hi, thank you forma your reply.... So I think better way si hard drive encryption where the "container" si located...
Sorry for asking details bit which encryption si used by VB forma its container, does it enough secure ad truecrypt?
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: container encryptiom

Post by mpack »

You need to be very, very careful with encryption. Encryption involves randomizing the data making it totally unrecoverable if you don't have the decryption key. Do a test of backing up and restoring the VM, and make sure that the restore works even with encryption. And consider how you'll remember the password for this particular backup in x years time.

We have had people on this site who have stored bitcoin in an encrypted VM, but failed to back up the VM correctly: they backed up the VDI but failed to back up the .vbox file containing the decryption key (DEK). They never practised a restore, so they didn't find out the backups were faulty until after a PC hard drive died. Then all they had was the password which unlocks the DEK, and a backed up VDI which was useless without the DEK. Nobody here can help you in that scenario. The whole idea of encryption is that if you don't have the key then... tough luck pal. So it was bye bye bitcoin.
Post Reply