01:08:51
End-to-end encryption is the method of choice to protect data stored on a disk. It ensures that the owner of the data also owns the encryption keys and thus controls access to his or her data once it has left the operating system. dm-crypt is the most popular method for encrypting Linux disks. When dm-crypt is used with IBM Z CPACF protected keys, the keys that protect dm-crypt volumes can be protected against being stolen and used outside of the system that generated them. This extra level of security is a key feature of Pervasive Encryption. This presentation shows how to use dm-crypt with protected keys, discusses different encryption formats, covers some best practices for using dm-crypt, and describes key management using the zkey key repository.