<?xml version="1.0" encoding="UTF-8"?>
<!--
    manpage, user manual, usage: VBoxManage encryptmedium
-->
<!--
    Copyright (C) 2006-2022 Oracle and/or its affiliates.

    This file is part of VirtualBox base platform packages, as
    available from https://www.virtualbox.org.

    This program is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public License
    as published by the Free Software Foundation, in version 3 of the
    License.

    This program is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, see <https://www.gnu.org/licenses>.

    SPDX-License-Identifier: GPL-3.0-only
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[
<!ENTITY % all.entities SYSTEM "all-entities.ent">
%all.entities;
]>
<refentry id="vboxmanage-encryptmedium" lang="en">
  <refentryinfo>
    <pubdate>$Date: 2022-08-22 19:43:14 +0200 (Mon, 22 Aug 2022) $</pubdate>
    <title>VBoxManage encryptmedium</title>
  </refentryinfo>

  <refmeta>
    <refentrytitle>VBoxManage-encryptmedium</refentrytitle>
    <manvolnum>1</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>VBoxManage-encryptmedium</refname>
    <refpurpose>manage a DEK-encrypted medium or image</refpurpose>
    <refclass>&product-name;</refclass>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis id="synopsis-vboxmanage-encryptmedium">
<!-- The 'id' is mandatory and must start with 'synopsis-'. -->
      <command>VBoxManage encryptmedium</command>
      <group choice="req">
        <arg choice="plain"><replaceable>uuid</replaceable></arg>
        <arg choice="plain"><replaceable>filename</replaceable></arg>
      </group>
      <arg>--cipher=<replaceable>cipher-ID</replaceable></arg>
      <arg>--newpassword=<replaceable>password</replaceable></arg>
      <arg>--newpasswordid=<replaceable>password-ID</replaceable></arg>
      <arg>--oldpassword=<replaceable>password</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>
    <para>
      The <command>VBoxManage encryptmedium</command> command enables
      you to create and manage a DEK-encrypted medium or image. You can
      encrypt an image, decrypt an image, and change the encryption
      password of an image. See
      <xref linkend="diskencryption-encryption" />.
    </para>
    <variablelist>
      <varlistentry>
        <term><replaceable>uuid</replaceable> | <replaceable>filename</replaceable></term>
        <listitem><para>
            Specifies the Universally Unique Identifier (UUID) or the
            absolute path name of the medium or image that the command
            operates on.
          </para></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>--newpassword=<replaceable>password</replaceable></option></term>
        <listitem><para>
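            Specifies the new encryption password.
            <replaceable>password</replaceable> is either the absolute
            path name of a password file on the host operating system or
            <literal>-</literal>, which prompts you for the password.
            A password file keeps the password on the host file system,
            so make the file readable only by the user who runs the
            command.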
          </para><para>
            You must use the <option>--newpasswordid</option> option
            with this <option>--newpassword</option> option.
          </para></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>--oldpassword=<replaceable>password</replaceable></option></term>
        <listitem><para>
            Specifies the original encryption password.
            <replaceable>password</replaceable> is either the absolute
            path name of a password file on the host operating system or
            <literal>-</literal>, which prompts you for the original
            password.
          </para><para>
            This option enables you to gain access to an encrypted
            medium or image to do the following:
          </para><itemizedlist>
            <listitem><para>
                Decrypt an encrypted image by using this option by
                itself, without the <option>--newpassword</option> or
                <option>--cipher</option> option.
              </para></listitem>
            <listitem><para>
                Change the password of the encrypted image by using the
                <option>--newpassword</option> option.
              </para></listitem>
            <listitem><para>
                Change the encryption cipher of the image by using the
                <option>--cipher</option> option.
              </para></listitem>
          </itemizedlist></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>--cipher=<replaceable>cipher-ID</replaceable></option></term>
        <listitem><para>
            Specifies the cipher to use for encryption. The valid values
            are <literal>AES-XTS128-PLAIN64</literal> and
            <literal>AES-XTS256-PLAIN64</literal>.
          </para><para>
            This option enables you to set up or change encryption on
            the medium or image.
          </para></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>--newpasswordid=<replaceable>password-ID</replaceable></option></term>
        <listitem><para>
            Specifies a new password identifier, which is used to
            identify the correct password when you supply multiple
            passwords during VM startup.
          </para><para>
            If you use the same password and password identifier when
            encrypting multiple images, you need to supply the password
            only one time during VM startup.
          </para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Examples</title>
    <remark role="help-scope" condition="GLOBAL"/>
    <para>
      The following example shows how to encrypt the
      <filename>ol7u4-1.vdi</filename> image by using the
      <literal>AES-XTS128-PLAIN64</literal> cipher, specifying a
      password identifier of <literal>1001</literal>, and using the
      <filename>$HOME/pwfile</filename> password file:
    </para>
<screen>$ VBoxManage encryptmedium "$HOME/VirtualBox VMs/ol7u4/ol7u4-1.vdi" \
  --cipher="AES-XTS128-PLAIN64" --newpasswordid="1001" --newpassword=$HOME/pwfile</screen>
    <para>
      The following example shows how to decrypt an encrypted image
      called <filename>ol7u4-2.vdi</filename>:
    </para>
<screen>$ VBoxManage encryptmedium "$HOME/VirtualBox VMs/ol7u4/ol7u4-2.vdi" \
  --oldpassword=-
  Password: <replaceable>original-password</replaceable></screen>
    <para>
      The following example shows how to change the password for an
      encrypted image called <filename>ol7u4-3.vdi</filename>. The
      command reads the original password from the
      <filename>$HOME/pwfile.orig</filename> file, reads the new
      password from the <filename>$HOME/pwfile</filename> file, and
      assigns a password identifier of <literal>1001</literal>.
    </para>
<screen>$ VBoxManage encryptmedium "$HOME/VirtualBox VMs/ol7u4/ol7u4-3.vdi" \
  --oldpassword=$HOME/pwfile.orig --newpassword=$HOME/pwfile --newpasswordid="1001"</screen>
  </refsect1>
</refentry>