What do you want to know about LUKS and/or dm-crypt?
A little while ago I began putting together a knowledge-base article to cover a thorough (but basic) introduction to dm-crypt/cryptsetup + LUKS, because I couldn't find ANYTHING. We have some great documentation but it doesn't make clear the things I wanted to explain to my customers.
So this started as a mid-sized KCS article -- "What is LUKS disk encryption and how can it be implemented?" -- and then evolved into two pieces: the short KCS article with a few links and the larger "All about LUKS, cryptsetup, and dm-crypt" article that is linked from there.
I'd like to get some feedback on that larger article. Is it clear? Did you learn new things from it? Are there any big holes in what it covers? Anything cool that you'd like to add to it?
Thanks!
Responses
It'd probably be good to cover things like key-management/recovery options (i.e., best practices for ensuring you can still recover data from a large, encrypted partition even if someone blows up your keyfiles). Might also be worth covering topics like data-at-rest versus data-in-transit encryption options. Would also suggest exploring backups of encrypted devices (i.e., do you back up the mounted device - sending the decrypted data over the wire to your backup servers) or do you back up the underlying encrypted device (ensuring that data sent to your backup system stays encrypted) - discussing the relative merits of each with respect to impacts on performance, end-to-end security, recoverability and deduplication.
