By Simon Coter-Oracle on Sep 12, 2015
On July 9th 2015 we released our new VirtualBox 5.0 major release.
This release introduced many new features like:
• Virtual Machine Management
- Paravirtualization support for Windows and Linux guests
- More instruction set extensions available to the guest
• Device support
- xHCI Controller to support USB 3 devices
- Improved Drag and drop support
- Disk image encryption
- VMs started with separate GUI – foreground – / VM – background – processes
There is also a further list of GUI enhancements, which will be described in upcoming articles.
The new feature that I’m going to introduce today is “Disk Image Encryption”.
As you know, encryption is also available on your Host Operating System, and for business environments it can be a must-have; that said, someone could ask:
“I already have my encryption at a lower level (Host OS), why do I need further encryption for my VMs?”
Personally, I think that having encryption on your personal or company laptop may no longer be enough; the era of CDs/DVDs is ending (maybe it’s already over), but a new era is coming:
• Local: USB-Keys, USB-disks and, even, mobile devices like our smartphones
• Remote: cloud backup solutions ( free or paid )
When we copy or move something (in our example, virtual machines) to an external local device or to a cloud backup solution, the destination is often not encrypted; so, while your company spent a bunch of $ to have data encryption, your virtual machines, once copied to external devices, could be accessed and used by anyone.
Our virtual-machine, created on top of VirtualBox, could contain confidential information, or our next software release, software code or anything else that needs the highest security level.
This is the purpose of our new “Disk Image Encryption” feature: your virtual machines are encrypted, and even if you copy, clone or move them to external devices, web storage or a cloud backup, their built-in encryption keeps your data secure.
Note: The “Disk Image Encryption” is shipped as a VirtualBox extension pack, which must be installed separately.
• Starting with VirtualBox 5.0 ( our latest release today is 5.0.4 ), it is possible to encrypt the data stored in hard disk images transparently for the guest. VirtualBox uses the AES algorithm in XTS mode and supports 128 or 256 bit data encryption keys (DEK):
VBoxManage encryptmedium "uuid|filename" --newpassword "file|-" --cipher "cipher id" --newpasswordid "id"
VBoxManage controlvm "uuid|vmname" addencpassword "id" "password" [--removeonsuspend "yes|no"]
Since the DEK is stored as part of the VM configuration file, it is important that it is kept safe. Losing the DEK means that the data stored in the disk images is lost irrecoverably. Having complete and up to date backups of all data related to the VM is the responsibility of the user.
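The two commands above, combined into a POSIX shell wrapper that refuses weak inputs before calling VBoxManage; this is an added example, not code from the original post or from VirtualBox. The function names, the VBOXMANAGE override and the password-file permission check are assumptions of this example, as is passing a password file (rather than the password itself) to addencpassword.

```shell
#!/bin/sh
# Added example: guarded wrappers around encryptmedium / addencpassword.
# VBOXMANAGE is a hypothetical override so the binary path can be changed.
VBOXMANAGE=${VBOXMANAGE:-VBoxManage}

# Accept only the AES-XTS cipher ids for a 128- or 256-bit DEK.
valid_cipher() {
    case "$1" in
        AES-XTS128-PLAIN64|AES-XTS256-PLAIN64) return 0 ;;
        *) return 1 ;;
    esac
}

# Password file must exist, be non-empty, and grant nothing to group/other.
password_file_ok() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group + other permission bits
    [ "$perms" = "------" ]
}

# encrypt_disk <uuid|filename> <password-file> <cipher-id> <password-id>
encrypt_disk() {
    medium=$1 pwfile=$2 cipher=$3 pwid=$4
    valid_cipher "$cipher" ||
        { echo "unsupported cipher: $cipher" >&2; return 2; }
    password_file_ok "$pwfile" ||
        { echo "password file missing, empty or group/world accessible" >&2; return 3; }
    # Disk encryption ships in the extension pack; fail early if none is installed.
    "$VBOXMANAGE" list extpacks | grep -q '^Extension Packs: [1-9]' ||
        { echo "no extension pack installed" >&2; return 4; }
    "$VBOXMANAGE" encryptmedium "$medium" --newpassword "$pwfile" \
        --cipher "$cipher" --newpasswordid "$pwid"
}

# unlock_vm <uuid|vmname> <password-id> <password-file>
# Supplies the password to a started VM and drops it from memory on suspend.
unlock_vm() {
    password_file_ok "$3" || return 3
    "$VBOXMANAGE" controlvm "$1" addencpassword "$2" "$3" --removeonsuspend yes
}
```

After encrypting, back up the VM's configuration file together with the disk image, since the DEK lives in that file.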
Here is an example of the configuration file of one encrypted virtual-machine:
This is our first chapter of many about the new features introduced by VirtualBox 5.0. See you at the next feature!
Let's keep in touch!