You might wanna check http://cryptsetup.googlecode.com/svn/trunk/docs/on-disk-format.pdf And all your questions will be answered. Aside from that the FAQ: http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions Might help to clarify the remaining questions While LUKS is ascheme for key management and on disk storage of the keys, dm-crypt (dm target) is responsible for the encryption itself. Regards -Sven On Tue, March 6, 2012 07:24, ASHISH SINGHAI wrote: > Hi, > > As per the PCI requirement 3 – protect data at rest. > > They mention LUKS as a RH disk encryption that answers all PCI > requirements. > I got basic information regarding PCI DSS encryption solution in Red Hat. > > So we need some more information before implement LUKS. > > Note that PCI DSS asks in requirement 3.4.1 * > 3.4.1 *If disk encryption is used (rather than file- or column-level > database encryption), logical access must be managed independently of > native operating system access control mechanisms (for example, by not > using local user account databases). Decryption keys must not be tied to > user accounts. > > > Please reply as soon as possible with the answers for the following > questions. > > 1. Is this requirement satisfied by LUKS? > > 2. How apps access these files? They need a separate password for that? > > 3. Also, how encryption keys are stored? Where? > > > this is very important for me. > > Please help > > > Thanks and Regards, > > Ashish Singhai > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
