Hi, why not have a look into the LUKS FAQ and the LUKS on disk format spec? It has all the info. If it is really important to you, then you can most definitely invest 1-2 hours reading documentation and then ask any remaining questions... Arno On Tue, Mar 06, 2012 at 11:54:36AM +0530, ASHISH SINGHAI wrote: > Hi, > > As per the PCI requirement 3 ? protect data at rest. > > They mention LUKS as a RH disk encryption that answers all PCI requirements. > I got basic information regarding PCI DSS encryption solution in Red Hat. > > So we need some more information before implement LUKS. > > Note that PCI DSS asks in requirement 3.4.1 * > 3.4.1 *If disk encryption is used (rather than file- or column-level > database encryption), logical access must be managed independently of > native operating system access control mechanisms (for example, by not > using local user account databases). Decryption keys must not be tied to > user accounts. > > > Please reply as soon as possible with the answers for the following > questions. > > 1. Is this requirement satisfied by LUKS? > > 2. How apps access these files? They need a separate password for that? > > 3. Also, how encryption keys are stored? Where? > > > this is very important for me. > > Please help > > > Thanks and Regards, > > Ashish Singhai > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt