3

Does Hyper-V provide a mechanism (like ESX/vSphere) to identify digitally signed VHD files? Is it even possible to sign a VHD file?

Background: I am trying to provide a virtual appliance to my prospective customers, which they could just import in their hypervisor setup - be it ESX/vCenter, XenServer or Hyper-V. Towards that end, I export the VM in an OVF package and then sign it. Now, these signatures are verified and reported by vSphere/ESX, when anybody imports the OVF file on ESX. But Hyper-V doesn't support importing an OVF package. So, I have to convert the disk (.vmdk) into .vhd, which can be attached with a VM in Hyper-V. My goal is to ensure that VHD is not tampered with, after I publish it and before anyone imports it in his/her setup.

grv
  • 33
  • 4
  • What are you exactly trying to do? – MichelZ May 08 '14 at 10:38
  • MichelZ! I am trying to provide a virtual appliance to my prospective customers, which they could just import in their hypervisor setup - be it ESX/vCenter, Citrix XenServer or MS Hyper-V? – grv May 08 '14 at 11:54
  • It'd be easier to provide a checksum whenever you release the file to your customers rather than relying on digital signatures. – Nathan C May 08 '14 at 12:06
  • Thanks, Nathan for your input. It'll probably be my second choice. – grv May 08 '14 at 12:44
  • Updated the question to add more background info. – grv May 08 '14 at 12:54

2 Answers2

5

If you want to make sure the image has not been tampared with, just publish an MD5/SHA checksum, as many others do with such types of downloads.

There is nothing built-in to hyper-v

MichelZ
  • 11,008
  • 4
  • 30
  • 58
3

How do you think that would work? The signature would be invalid the moment the appliance changes anything in the file.

No, it is not supported.

TomTom
  • 50,857
  • 7
  • 52
  • 134
  • TomTom! I only need to ensure that VHD is not tampered with, after I publish it and before anyone imports it in his/her setup. Changes after it has been imported and is under-use is not something, I am worried about. Same is true of digital signatures with OVF file. – grv May 08 '14 at 11:50
  • No support. Hyper-V has too much an enterprise side "focus" - not a "distribute appliances". – TomTom May 08 '14 at 12:28