On Wednesday 16 July 2008 23:42:13 Thomas Cameron (Red Hat) wrote:
> All -
>
> I have been asked if there is a way to incorporate Microsoft's PKI with
> dm-crypt. The story here is that with Microsoft's disk encryption, you
> can decrypt a directory using an organization key. An example is when
> an employee leaves and does not tell anyone what his/her passphrase was.
>

I'm not sure if I get your question. There is no native support from Microsoft's PKI to dm-crypt and the other way around. If you need a backup key for your disk encryption, you can back up the key. This is merely an organisational process.

dm-crypt is device encryption; EFS is based on files and directories. This is different. If you would like to have features like EFS in Linux, maybe eCryptfs (http://ecryptfs.sourceforge.net/) is the right thing for you.

dm-crypt doesn't support x509, but you can use the certificates to encrypt the used key.

> I know with LUKS it's easy to set up multiple passwords. But is there a
> way to use an x509 certificate to set up access?

Not directly, but you can use e.g. openssl to encrypt/decrypt a key with an x509 certificate and use this key for LUKS or native dm-crypt.

wof
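The key-escrow approach suggested in the reply above, as an added example that is not part of the original message: a random LUKS key file is encrypted to an X.509 certificate with `openssl smime` and later recovered with the matching private key. The self-signed certificate, the function names and the `/dev/sdX2` device are constructed placeholders; the `cryptsetup` steps appear only as comments because they need root and a real LUKS volume.

```shell
#!/usr/bin/env bash
set -eu
umask 077   # key material must not be group/world readable

# Constructed stand-in for the organisation's recovery certificate and key.
make_demo_cert() {            # $1 = directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-recovery" \
    -keyout "$1/recovery.key" -out "$1/recovery.crt" 2>/dev/null
}

# Encrypt a key file to the certificate; only the private-key holder can read it.
# -binary stops S/MIME line-ending canonicalisation from corrupting binary keys.
escrow_key() {                # $1 = key file, $2 = certificate, $3 = output blob
  openssl smime -encrypt -binary -aes256 -outform DER -in "$1" -out "$3" "$2"
}

# Recover the key file with the certificate's private key.
recover_key() {               # $1 = blob, $2 = certificate, $3 = private key, $4 = output
  openssl smime -decrypt -binary -inform DER -in "$1" -recip "$2" -inkey "$3" -out "$4"
}

demo_roundtrip() {
  d=$(mktemp -d)
  make_demo_cert "$d"
  openssl rand -out "$d/luks.key" 64          # random 64-byte key file
  # On a real system (root, placeholder device), enrol it in a spare LUKS slot:
  #   cryptsetup luksAddKey /dev/sdX2 "$d/luks.key"
  escrow_key "$d/luks.key" "$d/recovery.crt" "$d/luks.key.p7"
  # The plaintext key file would now be deleted; only the blob is archived.
  recover_key "$d/luks.key.p7" "$d/recovery.crt" "$d/recovery.key" "$d/recovered.key"
  # Recovery would then unlock the volume with:
  #   cryptsetup luksOpen --key-file "$d/recovered.key" /dev/sdX2 recovered
  rc=0
  cmp -s "$d/luks.key" "$d/recovered.key" || rc=1     # round trip must be exact
  cmp -s "$d/luks.key" "$d/luks.key.p7" && rc=1       # blob must not be plaintext
  rm -rf "$d"
  return $rc
}

demo_roundtrip && echo "recovered key matches original"
```

The recovery private key is the only secret that can open the archived blob, so it should be kept off the machines whose disks it protects.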