container encryption
-
- Posts: 2
- Joined: 4. Oct 2021, 20:09
- Primary OS: MS Windows 10
- VBox Version: OSE self-compiled
- Guest OSses: windows xp
container encryption
Hi, could I encrypt a virtual container, or is it better to directly create the virtual machine inside an encrypted disk like TrueCrypt? Or will it slow down loading of the virtual system?
-
- Site Moderator
- Posts: 20965
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: container encryption
A Virtualbox "container" (which we call the guest or the VM) consists of a folder containing a .vbox file (which is the VM's 'motherboard' so-to-speak) and one or more disk files.
Virtualbox supports encrypting only the VM's disk file(s), nothing else. There is an encryption key included in the .vbox file. The key works with your password to run the disk file. You must back up the .vbox file to preserve that key. If the key is lost, the disk file cannot be decrypted.
You can also run a Virtualbox VM on an encrypted host-PC volume (like TrueCrypt). I would not encrypt the VM itself through Virtualbox if the VM is going to be stored on an encrypted host volume. Double encryption might slow down the VM.
octopis wrote: its better
If the question is about speed, I'd say either Virtualbox encryption or TrueCrypt-style encryption but not both. You can always try an experiment.
Note again that no recovery methods are available if the .vbox file's encryption key is lost. Backups are imperative.
-
- Posts: 2
- Joined: 4. Oct 2021, 20:09
- Primary OS: MS Windows 10
- VBox Version: OSE self-compiled
- Guest OSses: windows xp
Re: container encryption
Hi, thank you for your reply.... So I think the better way is hard drive encryption where the "container" is located...
Sorry for asking for details, but which encryption is used by VB for its container, is it as secure as TrueCrypt?
-
- Site Moderator
- Posts: 39156
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: container encryption
You need to be very, very careful with encryption. Encryption involves randomizing the data making it totally unrecoverable if you don't have the decryption key. Do a test of backing up and restoring the VM, and make sure that the restore works even with encryption. And consider how you'll remember the password for this particular backup in x years time.
We have had people on this site who have stored bitcoin in an encrypted VM, but failed to back up the VM correctly: they backed up the VDI but failed to back up the .vbox file containing the decryption key (DEK). They never practised a restore, so they didn't find out the backups were faulty until after a PC hard drive died. Then all they had was the password which unlocks the DEK, and a backed up VDI which was useless without the DEK. Nobody here can help you in that scenario. The whole idea of encryption is that if you don't have the key then... tough luck pal. So it was bye bye bitcoin.
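A pre-flight check for the failure described in this thread (disk image backed up without the .vbox that holds its key), as an added example that is not part of the original posts or VirtualBox's own code. It assumes the key store is recorded in the .vbox as a `CRYPT/KeyStore` property on the disk's `HardDisk` entry and that disk locations are relative to the VM folder; the function names and the sample XML are constructed for illustration.

```python
import os
import sys
import xml.etree.ElementTree as ET

# Constructed, trimmed sample; element and property names are assumptions about the .vbox layout.
SAMPLE_VBOX = """<?xml version="1.0"?>
<VirtualBox xmlns="http://www.virtualbox.org/">
  <Machine name="xp"><MediaRegistry><HardDisks>
    <HardDisk uuid="{00000000-0000-0000-0000-0000000000aa}" location="xp.vdi" format="VDI">
      <Property name="CRYPT/KeyId" value="xp"/>
      <Property name="CRYPT/KeyStore" value="CONSTRUCTED-PLACEHOLDER"/>
    </HardDisk>
  </HardDisks></MediaRegistry></Machine>
</VirtualBox>"""

def local(tag):
    """Strip the XML namespace from a tag name."""
    return tag.rsplit("}", 1)[-1]

def encrypted_disks(vbox_path):
    """Locations of disks whose registry entry carries a CRYPT/KeyStore property."""
    found = []
    for el in ET.parse(vbox_path).iter():
        if local(el.tag) == "HardDisk" and any(
                local(p.tag) == "Property" and p.get("name") == "CRYPT/KeyStore" for p in el):
            found.append(el.get("location"))
    return found

def check_backup(backup_dir):
    """Return the problems that would make this backup of an encrypted VM unrestorable."""
    files = sorted(os.listdir(backup_dir))
    vboxes = [f for f in files if f.endswith(".vbox")]
    disks = [f for f in files if f.lower().endswith((".vdi", ".vmdk", ".vhd"))]
    if not vboxes:
        return [f"{d}: no .vbox in backup, so no key store if this disk is encrypted" for d in disks]
    problems = []
    for v in vboxes:
        for loc in encrypted_disks(os.path.join(backup_dir, v)):
            path = loc if os.path.isabs(loc) else os.path.join(backup_dir, loc)
            if not os.path.exists(path):
                problems.append(f"{v}: key store present but disk {loc} is missing")
    return problems

if __name__ == "__main__" and len(sys.argv) > 1:
    for line in check_backup(sys.argv[1]) or ["backup holds .vbox and encrypted disk(s)"]:
        print(line)
```

This only confirms that both halves are present in the backup folder; the test restore recommended above is what shows the backup actually opens.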