Linux Unified Key Setup is a disk encryption specification for Linux.
Linux Unified Key Setup is a disk encryption specification for Linux.
Customer Reviews
Administrator in Information Technology and Services
Advanced user of The Linux Unified Key Setupmost disk encryption software implements different and incompatible, undocumented formats, LUKS specifies a platform-independent standard on-disk format for use in various tools. This not only facilitates compatibility and interoperability among different programs, but also assures that they all implement password management in a secure and documented manner
disadvantage — if the master key is not a trusted key, the encrypted key is only as secure as the user key used to encrypt it.
none so far
Linux Unified Key Setup-on-disk-format (or LUKS) allows you to encrypt partitions on your Linux computer. This is particularly important when it comes to mobile computers and removable media. LUKS allows multiple user keys to decrypt a master key, which is used for the bulk encryption of the partition.
What LUKS does
LUKS encrypts entire block devices and is therefore well-suited for protecting the contents of mobile devices such as removable storage media or laptop disk drives.
The underlying contents of the encrypted block device are arbitrary. This makes it useful for encrypting swap devices. This can also be useful with certain databases that use specially formatted block devices for data storage.
LUKS uses the existing device mapper kernel subsystem.
LUKS provides passphrase strengthening which protects against dictionary attacks.
LUKS devices contain multiple key slots, allowing users to add backup keys or passphrases.
Trusted and encrypted keys are variable-length symmetric keys generated by the kernel that utilize the kernel keyring service. The fact that the keys never appear in user space in an unencrypted form means that their integrity can be verified, which in turn means that they can be used, for example, by the extended verification module (EVM) to verify and confirm the integrity of a running system. User-level programs can only ever access the keys in the form of encrypted blobs.