Dm-crypt: Difference between revisions
Revision as of 07:11, 24 December 2018
External
Internal
Overview
dm-crypt is the standard device-mapper encryption functionality provided by the Linux kernel. dm-crypt is managed with the cryptsetup userspace utility. It supports the following block-device encryption modes: LUKS and plain.
Block-Device Encryption Types
LUKS
LUKS dm-crypt mode, used by default, is an additional convenience layer that stores all of the needed setup information for dm-crypt on the encrypted disk itself and abstracts partition and key management in an attempt to improve ease of use and cryptographic security. With LUKS, encryption is implemented in kernel space.
LUKS is the de facto standard for block device encryption. The corresponding kernel modules are already shipped with the default kernel. It supports the following ciphers: AES, Anubis, CAST5/6, Twofish, Serpent, Camellia, Blowfish.
It supports multiple, independently revocable keys for the same encrypted data.
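The two LUKS properties described above (setup information stored on the disk itself, and several independently revocable keys) are both visible in the on-disk header. The following Python parser is an added example, not part of the original page or of cryptsetup; it assumes the LUKS version 1 header layout, and the sample header is constructed in the code rather than read from a real device.

```python
import struct

# LUKS1 header, big-endian: magic, version, cipher name, cipher mode, hash spec,
# payload offset, key bytes, MK digest, digest salt, digest iterations, UUID.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")   # 208 bytes
SLOT = struct.Struct(">II32sII")                     # 48 bytes, eight of them
MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD


def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii")


def parse_luks1_header(buf):
    """Return the dm-crypt setup data and key-slot states stored in a LUKS1 header."""
    if len(buf) < PHDR.size + 8 * SLOT.size:
        raise ValueError("buffer shorter than the 592-byte LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload_offset, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(buf, 0)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    active = []
    for i in range(8):
        state = SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)[0]
        if state not in (SLOT_ACTIVE, SLOT_DISABLED):
            raise ValueError(f"key slot {i} has an invalid state marker")
        if state == SLOT_ACTIVE:
            active.append(i)
    return {"cipher": _text(cipher), "mode": _text(mode), "hash": _text(hash_spec),
            "key_bits": key_bytes * 8, "payload_offset_sectors": payload_offset,
            "uuid": _text(uuid), "active_slots": active}


def build_sample_header(active_slots):
    """Constructed sample input: valid layout, zeroed digest and salts."""
    hdr = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                    bytes(20), bytes(32), 1000, b"00000000-0000-0000-0000-000000000000")
    for i in range(8):
        on = i in active_slots
        hdr += SLOT.pack(SLOT_ACTIVE if on else SLOT_DISABLED, 2000 if on else 0,
                         bytes(32), 8 + i * 504, 4000)
    return hdr


if __name__ == "__main__":
    print(parse_luks1_header(build_sample_header({0, 3})))
    # Same header with slot 3 disabled: slot 0 is still listed as active.
    print(parse_luks1_header(build_sample_header({0}))["active_slots"])
```

A device set up in plain mode has no such header, so the cipher, mode and key size must be supplied again each time it is opened.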
plain
"plain" dm-crypt mode is the original kernel functionality and does not employ the convenience layer.
cryptsetup
cryptsetup is the userspace utility used to manage the dm-crypt encryption functionality.