[dm-crypt] Questions regarding LUKS encryption
sven at whgl.uni-frankfurt.de
Tue Mar 6 21:38:01 CET 2012
You might wanna check
And all your questions will be answered.
Aside from that the FAQ:
Might help to clarify the remaining questions
While LUKS is ascheme for key management and on disk storage of the keys,
dm-crypt (dm target) is responsible for the encryption itself.
On Tue, March 6, 2012 07:24, ASHISH SINGHAI wrote:
> As per the PCI requirement 3 – protect data at rest.
> They mention LUKS as a RH disk encryption that answers all PCI
> I got basic information regarding PCI DSS encryption solution in Red Hat.
> So we need some more information before implement LUKS.
> Note that PCI DSS asks in requirement 3.4.1 *
> 3.4.1 *If disk encryption is used (rather than file- or column-level
> database encryption), logical access must be managed independently of
> native operating system access control mechanisms (for example, by not
> using local user account databases). Decryption keys must not be tied to
> user accounts.
> Please reply as soon as possible with the answers for the following
> 1. Is this requirement satisfied by LUKS?
> 2. How apps access these files? They need a separate password for that?
> 3. Also, how encryption keys are stored? Where?
> this is very important for me.
> Please help
> Thanks and Regards,
> Ashish Singhai
> dm-crypt mailing list
> dm-crypt at saout.de
More information about the dm-crypt