[dm-crypt] Questions regarding LUKS encryption

Arno Wagner arno at wagner.name
Tue Mar 6 21:20:32 CET 2012


why not have a look into the LUKS FAQ and the LUKS on disk
format spec? It has all the info. If it is really important to
you, then you can most definitely invest 1-2 hours reading
documentation and then ask any remaining questions...


On Tue, Mar 06, 2012 at 11:54:36AM +0530, ASHISH SINGHAI wrote:
> Hi,
> As per the PCI requirement 3 ? protect data at rest.
> They mention LUKS as a RH disk encryption that answers all PCI requirements.
> I got basic information regarding PCI DSS encryption solution in Red Hat.
> So we need some more information before implement LUKS.
> Note that PCI DSS asks in requirement 3.4.1 *
> 3.4.1 *If disk encryption is used (rather than file- or column-level
> database encryption), logical access must be managed independently of
> native operating system access control mechanisms (for example, by not
> using local user account databases). Decryption keys must not be tied to
> user accounts.
> Please reply as soon as possible with the answers for the following
> questions.
> 1.  Is this requirement satisfied by LUKS?
> 2.  How apps access these files? They need a separate password for that?
> 3.  Also, how encryption keys are stored? Where?
> this is very important for me.
> Please help
> Thanks and Regards,
> Ashish Singhai

> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 

More information about the dm-crypt mailing list