[dm-crypt] Questions regarding LUKS encryption

Arno Wagner arno at wagner.name
Tue Mar 6 21:20:32 CET 2012


Hi,

why not have a look into the LUKS FAQ and the LUKS on disk
format spec? It has all the info. If it is really important to
you, then you can most definitely invest 1-2 hours reading
documentation and then ask any remaining questions...

Arno


On Tue, Mar 06, 2012 at 11:54:36AM +0530, ASHISH SINGHAI wrote:
> Hi,
> 
> As per the PCI requirement 3 ? protect data at rest.
> 
> They mention LUKS as a RH disk encryption that answers all PCI requirements.
> I got basic information regarding PCI DSS encryption solution in Red Hat.
> 
> So we need some more information before implement LUKS.
> 
> Note that PCI DSS asks in requirement 3.4.1 *
> 3.4.1 *If disk encryption is used (rather than file- or column-level
> database encryption), logical access must be managed independently of
> native operating system access control mechanisms (for example, by not
> using local user account databases). Decryption keys must not be tied to
> user accounts.
> 
> 
> Please reply as soon as possible with the answers for the following
> questions.
> 
> 1.  Is this requirement satisfied by LUKS?
>
> 2.  How apps access these files? They need a separate password for that?
>
> 3.  Also, how encryption keys are stored? Where?
> 
> 
> this is very important for me.
> 
> Please help
> 
> 
> Thanks and Regards,
> 
> Ashish Singhai

> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


More information about the dm-crypt mailing list