2019-01-23 End-to-end Encryption of Data at Rest for Linux on IBM Z and LinuxONE

2019-01-23 End-to-end Encryption of Data at Rest for Linux on IBM Z and LinuxONE 

Tue May 05, 2020 03:21 PM

End-to-end encryption is the method of choice to protect data stored on a disk. It ensures that the owner of the data also owns the encryption keys and thus controls the access to his or her data once it has left the operating system. Dm-crypt is the most popular method for encrypting Linux disks. Using IBM Z CPACF protected keys with dm-crypt the keys to protect dm-crypt volumes can be protected from being stolen and used outside of the system that generated the keys. This extra level of security is a key feature of Pervasive Encryption. This presentation shows how to use dm-crypt with protected keys, discusses different encryption formats, covers some best practices on using dm-crypt and describes key management using the zkey key repository.

Attachment(s)
pdf file
WC19E2EDatREncr4LoZ_v6.pdf   1.10 MB   1 version
Uploaded - Tue May 05, 2020