Introduction to LUKS
Linux Unified Key Setup (LUKS) is a specification for block device encryption. It establishes an on-disk format for the data, as well as a passphrase/key management policy.
LUKS uses the kernel device mapper subsystem with the `dm-crypt` module. This arrangement provides a low-level mapping that handles encryption and decryption of the device data. You can use the `cryptsetup` utility to perform user-level operations such as creating and accessing encrypted devices.
What LUKS does
LUKS encrypts entire block devices and is therefore well-suited for protecting the contents of mobile devices such as removable storage media or laptop disk drives.
The underlying contents of the encrypted block device are arbitrary. This makes it useful for encrypting `swap` devices. This can also be useful with certain databases that use specially formatted block devices for data storage.
LUKS uses the existing device mapper kernel subsystem.
LUKS provides passphrase strengthening, which protects against dictionary attacks.
LUKS devices contain multiple key slots, allowing users to add backup keys or passphrases.
What LUKS does *not* do
LUKS is not well-suited for applications requiring more than eight users to have distinct access keys to the same device.
LUKS is not well-suited for applications requiring file-level encryption.
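
The key slots and passphrase strengthening listed above are recorded in the header at the start of the device. The following Python code is an added example, not part of the original documentation: it parses the LUKS1 header layout (the version with the eight key slots mentioned above) and reports enabled slots whose PBKDF2 iteration count is below a floor. The `min_iterations` floor, the function names, and the sample header bytes are assumptions constructed for illustration.

```python
import struct

# LUKS1 header layout (big-endian): 208-byte preamble + 8 key slots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
MAGIC, ENABLED, DISABLED = b"LUKS\xba\xbe", 0x00AC71F3, 0x0000DEAD

def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1_header(blob):
    """Return cipher settings and per-slot state from the first 592 bytes of a device."""
    if len(blob) < PHDR.size + 8 * SLOT.size:
        raise ValueError("short read: a LUKS1 header is 592 bytes")
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, mk_iter, uuid) = PHDR.unpack_from(blob)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for i in range(8):
        state, iters, _s, _off, stripes = SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)
        if state not in (ENABLED, DISABLED):
            raise ValueError(f"key slot {i}: unknown state {state:#010x}")
        slots.append({"slot": i, "enabled": state == ENABLED,
                      "iterations": iters, "stripes": stripes})
    return {"cipher": f"{_text(cipher)}-{_text(mode)}", "hash": _text(hash_spec),
            "key_bits": key_bytes * 8, "uuid": _text(uuid), "slots": slots}

def weak_slots(header, min_iterations):
    """Enabled slots whose PBKDF2 iteration count is below a site-chosen floor."""
    return [s["slot"] for s in header["slots"]
            if s["enabled"] and s["iterations"] < min_iterations]

def build_sample_header():
    """Constructed input: slot 0 strong, slot 1 weak, slots 2-7 disabled."""
    blob = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                     bytes(20), bytes(32), 100_000,
                     b"00000000-0000-4000-8000-000000000000")
    for i, (state, iters) in enumerate([(ENABLED, 1_500_000), (ENABLED, 1_000)]
                                       + [(DISABLED, 0)] * 6):
        blob += SLOT.pack(state, iters, bytes(32), 8 + i * 512, 4000)
    return blob

if __name__ == "__main__":
    hdr = parse_luks1_header(build_sample_header())
    print(hdr["cipher"], hdr["hash"], hdr["key_bits"], "bits")
    print("enabled slots:", [s["slot"] for s in hdr["slots"] if s["enabled"]])
    print("below floor:", weak_slots(hdr, min_iterations=100_000))
```

On a real system, `cryptsetup luksDump` prints the same fields from the device header.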