dm-crypt (EN)

Architecture

dm-crypt is the kernel component that performs the actual block-level encryption and serves as the foundation for LUKS. This technology works directly with the disk device files and encrypts data transparently to the operating system. It supports various encryption algorithms and modes and is managed through the Linux kernel's Device Mapper subsystem. dm-crypt forms the technical basis on which LUKS builds as a user-friendly metadata layer.

Data Flow

flowchart LR   A[Application] --> B[Filesystem]   B --> C[dm-crypt]   C --> D[Block device]   D --> E[Physical hard drive]      subgraph Encryption     C -->|Encrypt| F[Encryption algorithm]     F -->|Key| G[Key storage]   end 

In Context

• Typically used together with LUKS, cryptsetup and Device Mapper
• Related to: LUKS, Device Mapper, Full disk encryption, Hard disk encryption
• Example use: Encryption of entire hard drives, partitions or filesystems