About virtual machine encryption.

Here you can provide suggestions on how to improve the product, website, etc.
Post Reply
Aphrodite
Posts: 29
Joined: 3. Jul 2020, 16:28

About virtual machine encryption.

Post by Aphrodite »

It is recommended that you encrypt the profile(.vbox) of the guest OS when encrypting the virtual machine. It's not just encrypting .vdi files.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: About virtual machine encryption.

Post by mpack »

Why? There's nothing private in a vbox file. It's just the hardware recipe for the VM, and it isn't accessible from inside the VM.

The only thing that VirtualBox encrypts is the VDI image sectors, not even the entire VDI. If that isn't enough, e.g. if you are concerned about people with physical access to your host then perhaps you should encrypt your host.
Aphrodite
Posts: 29
Joined: 3. Jul 2020, 16:28

Re: About virtual machine encryption.

Post by Aphrodite »

Because the .vbox file is clear text, it is not important for unencrypted guest operating systems. The VMware workstation encrypts the guest operating system, and the .vmx file is also encrypted. Do not want others to see the configuration parameters of the encrypted guest operating system.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: About virtual machine encryption.

Post by scottgus1 »

To put a practical side to the hopes here, the only way encrypted .vbox 'recipe' files will happen is if the Oracle paying customers want it or if a user contributes code.

Additionally, if one is worried about unauthorized persons accessing the .vbox file to see how the guest is formatted (which one can also see in the guest's Settings in the main Virtualbox window, which has zero (0) lockdown capabilities and anyone can start it and see it) then one has unauthorized persons accessing their computer files - a much bigger problem, and as the InfoSec gurus say, "if someone gets physical access to your computer, it's not your computer anymore."

in my humble opinion, worrying about the .vbox file is much smaller fruit than keeping people out of the host PC in the first place.
Aphrodite
Posts: 29
Joined: 3. Jul 2020, 16:28

Re: About virtual machine encryption.

Post by Aphrodite »

Sometimes the environment is like this, there is no way to completely isolate. Encrypting (if required) disk images and profiles of the guest operating system is better than clear text. Clear text files make it too easy to get the contents of a file.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: About virtual machine encryption.

Post by scottgus1 »

Honestly, the only way you'll get this is to tweak the source code and program it yourself.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: About virtual machine encryption.

Post by mpack »

I still do not see a convincing explanation of why the VM recipe should be private, or why VirtualBox should be concerned about protecting your host (that is your host OS's job): that VMware does something this pointless - which I have not verified btw - is not a good argument for us to do the same.

And it will be interesting to see how the problem is solved that the key to decrypt the .vbox is stored in the .vbox: presumably by using a less secure encryption method.
Aphrodite
Posts: 29
Joined: 3. Jul 2020, 16:28

Re: About virtual machine encryption.

Post by Aphrodite »

It is not a protection host. is an encrypted .vdi and .vbox file.
Is encrypting Word (.docx) files that the operating system should do?
Should disconnect network connect for network security?
We all know that there is no absolute security, Can't because these problem just don't to do.
VirtualBox Teams can assess whether the problem is worth doing.
mpack wrote:I still do not see a convincing explanation of why the VM recipe should be private, or why VirtualBox should be concerned about protecting your host (that is your host OS's job): that VMware does something this pointless - which I have not verified btw - is not a good argument for us to do the same.

And it will be interesting to see how the problem is solved that the key to decrypt the .vbox is stored in the .vbox: presumably by using a less secure encryption method.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: About virtual machine encryption.

Post by mpack »

Aphrodite wrote: Is encrypting Word (.docx) files that the operating system should do?
I would say yes. Why would you have individual apps reinventing the wheel?

VirtualBox encryption is intended to secure GUEST files from a HOST attack. Not HOST files from a HOST attack. I'll say again: if you need to protect your host then look to your host OS, along with mechanisms to prevent physical access to your PC.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: About virtual machine encryption.

Post by scottgus1 »

Revising my statement above that this will never happen if you don't program it yourself: A comment from Virtualbox personnel informs me that the devs may consider free users' ideas for implementation if a solid case for the idea can be made. And that the idea if accepted can happen faster if the user programs it according to Virtualbox standard and contributes the code.

The above said, Aphrodite, please consider your idea in light of this stated earlier:
scottgus1 wrote:[one can] see how the guest is formatted ... in the guest's Settings in the main Virtualbox window, which has zero (0) lockdown capabilities and anyone can start it and see it
Anyone standing at the computer can see the settings of the guest by selecting it in the main Virtualbox window. Thus they can see what the .vbox file tells Virtualbox to do with the guest. Seeing the guest settings will happen whether the .vbox file is encrypted or not.

How does encrypting the .vbox file protect from this unavoidable display of settings?
Post Reply