[dm-crypt] Questions regarding LUKS encryption

ASHISH SINGHAI ashishsinghai09 at gmail.com
Tue Mar 6 07:24:36 CET 2012


As per the PCI requirement 3 – protect data at rest.

They mention LUKS as a RH disk encryption that answers all PCI requirements.
I got basic information regarding PCI DSS encryption solution in Red Hat.

So we need some more information before implement LUKS.

Note that PCI DSS asks in requirement 3.4.1 *
3.4.1 *If disk encryption is used (rather than file- or column-level
database encryption), logical access must be managed independently of
native operating system access control mechanisms (for example, by not
using local user account databases). Decryption keys must not be tied to
user accounts.

Please reply as soon as possible with the answers for the following

1.  Is this requirement satisfied by LUKS?

2.  How apps access these files? They need a separate password for that?

3.  Also, how encryption keys are stored? Where?

this is very important for me.

Please help

Thanks and Regards,

Ashish Singhai
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20120306/babaae7b/attachment.html>

More information about the dm-crypt mailing list