[dm-crypt] Questions regarding LUKS encryption

Sven Eschenberg sven at whgl.uni-frankfurt.de
Tue Mar 6 21:38:01 CET 2012


You might wanna check

http://cryptsetup.googlecode.com/svn/trunk/docs/on-disk-format.pdf

And all your questions will be answered.

Aside from that the FAQ:

http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions

Might help to clarify the remaining questions

While LUKS is a scheme for key management and on-disk storage of the keys,
dm-crypt (dm target) is responsible for the encryption itself.

Regards

-Sven


On Tue, March 6, 2012 07:24, ASHISH SINGHAI wrote:
> Hi,
>
> As per the PCI requirement 3 – protect data at rest.
>
> They mention LUKS as a RH disk encryption that answers all PCI
> requirements.
> I got basic information regarding PCI DSS encryption solution in Red Hat.
>
> So we need some more information before implementing LUKS.
>
> Note that PCI DSS asks in requirement 3.4.1:
> 3.4.1 If disk encryption is used (rather than file- or column-level
> database encryption), logical access must be managed independently of
> native operating system access control mechanisms (for example, by not
> using local user account databases). Decryption keys must not be tied to
> user accounts.
>
>
> Please reply as soon as possible with the answers for the following
> questions.
>
> 1.  Is this requirement satisfied by LUKS?
>
> 2.  How do apps access these files? Do they need a separate password for that?
>
> 3.  Also, how are encryption keys stored? Where?
>
>
> This is very important for me.
>
> Please help
>
>
> Thanks and Regards,
>
> Ashish Singhai
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>
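
As an added illustration (not part of the original message and not cryptsetup's own code), the sketch below reads the LUKS1 partition header as laid out in the on-disk format document linked above, listing the cipher parameters and the eight key slots that hold passphrase-protected copies of the master key. The sample header is constructed for the demo, and the function names are hypothetical.

```python
import struct

# LUKS1 partition header, big-endian, 592 bytes: 208 bytes of fields + 8 key slots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD

def _s(raw):
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1_header(buf):
    if len(buf) < PHDR.size + 8 * SLOT.size:
        raise ValueError("short read: need 592 bytes")
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     mk_digest, mk_salt, mk_iter, uuid) = PHDR.unpack_from(buf, 0)
    if magic != MAGIC:
        raise ValueError("not a LUKS header")
    if version != 1:
        raise ValueError("only the LUKS1 layout is handled here")
    slots = []
    for i in range(8):
        active, iters, salt, km_off, stripes = SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)
        if active not in (SLOT_ENABLED, SLOT_DISABLED):
            raise ValueError(f"slot {i}: corrupt state marker {active:#x}")
        slots.append({"index": i, "enabled": active == SLOT_ENABLED,
                      "pbkdf2_iterations": iters, "key_material_sector": km_off,
                      "af_stripes": stripes})
    return {"cipher": f"{_s(cipher)}-{_s(mode)}", "hash": _s(hash_spec),
            "payload_sector": payload_off, "master_key_bytes": key_bytes,
            "mk_digest_iterations": mk_iter, "uuid": _s(uuid), "slots": slots}

def build_sample_header():
    """Constructed header for the demo: slots 0 and 3 enabled, all values made up."""
    hdr = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 64,
                    bytes(20), bytes(32), 1000,
                    b"00000000-0000-0000-0000-000000000000")
    for i in range(8):
        on = i in (0, 3)
        hdr += SLOT.pack(SLOT_ENABLED if on else SLOT_DISABLED,
                         50000 if on else 0, bytes(32), 8 + i * 512, 4000)
    return hdr

if __name__ == "__main__":
    info = parse_luks1_header(build_sample_header())
    print(info["cipher"], info["master_key_bytes"] * 8, "bit master key")
    for s in info["slots"]:
        print(s["index"], "ENABLED" if s["enabled"] else "DISABLED", s["key_material_sector"])
```

On a real volume the same 592 bytes can be read from the start of the LUKS device; `cryptsetup luksDump` prints the equivalent fields.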



