[dm-crypt] Questions regarding LUKS encryption
Sven Eschenberg
sven at whgl.uni-frankfurt.de
Tue Mar 6 21:38:01 CET 2012
You might wanna check
http://cryptsetup.googlecode.com/svn/trunk/docs/on-disk-format.pdf
And all your questions will be answered.
Aside from that the FAQ:
http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
Might help to clarify the remaining questions
While LUKS is ascheme for key management and on disk storage of the keys,
dm-crypt (dm target) is responsible for the encryption itself.
Regards
-Sven
On Tue, March 6, 2012 07:24, ASHISH SINGHAI wrote:
> Hi,
>
> As per the PCI requirement 3 – protect data at rest.
>
> They mention LUKS as a RH disk encryption that answers all PCI
> requirements.
> I got basic information regarding PCI DSS encryption solution in Red Hat.
>
> So we need some more information before implement LUKS.
>
> Note that PCI DSS asks in requirement 3.4.1 *
> 3.4.1 *If disk encryption is used (rather than file- or column-level
> database encryption), logical access must be managed independently of
> native operating system access control mechanisms (for example, by not
> using local user account databases). Decryption keys must not be tied to
> user accounts.
>
>
> Please reply as soon as possible with the answers for the following
> questions.
>
> 1. Is this requirement satisfied by LUKS?
>
> 2. How apps access these files? They need a separate password for that?
>
> 3. Also, how encryption keys are stored? Where?
>
>
> this is very important for me.
>
> Please help
>
>
> Thanks and Regards,
>
> Ashish Singhai
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>
More information about the dm-crypt
mailing list