[dm-crypt] Questions regarding LUKS encryption

Sven Eschenberg sven at whgl.uni-frankfurt.de
Tue Mar 6 21:38:01 CET 2012

You might wanna check


And all your questions will be answered.

Aside from that the FAQ:


Might help to clarify the remaining questions

While LUKS is ascheme for key management and on disk storage of the keys, 
dm-crypt (dm target) is responsible for the encryption itself.



On Tue, March 6, 2012 07:24, ASHISH SINGHAI wrote:
> Hi,
> As per the PCI requirement 3 – protect data at rest.
> They mention LUKS as a RH disk encryption that answers all PCI
> requirements.
> I got basic information regarding PCI DSS encryption solution in Red Hat.
> So we need some more information before implement LUKS.
> Note that PCI DSS asks in requirement 3.4.1 *
> 3.4.1 *If disk encryption is used (rather than file- or column-level
> database encryption), logical access must be managed independently of
> native operating system access control mechanisms (for example, by not
> using local user account databases). Decryption keys must not be tied to
> user accounts.
> Please reply as soon as possible with the answers for the following
> questions.
> 1.  Is this requirement satisfied by LUKS?
> 2.  How apps access these files? They need a separate password for that?
> 3.  Also, how encryption keys are stored? Where?
> this is very important for me.
> Please help
> Thanks and Regards,
> Ashish Singhai
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

More information about the dm-crypt mailing list