diff options
Diffstat (limited to 'README')
| -rw-r--r-- | README | 27 |
1 files changed, 16 insertions, 11 deletions
@@ -1,25 +1,30 @@ -This is the linux-cryptodev [newapi] branch. Here a new API is being -designed. The ioctl() API is in ncr.h and the userspace in ncrypto.h. +=== NCR API === + +This is the linux-cryptodev NCR branch. The ioctl() API is in ncr.h. For the new API to fully operate, root must load a system key (constant -per system) using the setkey program. After this stage the new API should +per system) using the ncr-setkey program. After this stage the new API should be fully operational. Example: $ dd if=/dev/urandom of=/boot/key count=1 bs=16 $ chmod 600 /boot/key $ userspace/ncr-setkey /boot/key The main concept of the new API is disallow userspace applications -access to cryptographic keys. Operations should be possible (such -as encryption/decryption/signing/verifying), but raw access to the -keys will not be possible. +access to cryptographic keys. Operations are possible (such as +encryption/decryption/signing/verifying), but raw access to the +keys is not be possible. + + +=== OpenBSD crypto compatibility === + +A compatibility API using OpenBSD's interface via /dev/crypto device driver +is supported. This enables access to kernel space cipher implementations +and hardware accelerators. -The old OpenBSD API via /dev/crypto device driver is still supported. +For questions and suggestions please use the mailing lists at: +http://home.gna.org/cryptodev-linux/lists.html -It was initially written for linux 2.6.8 by Michal Ludvig. Compatibility -fixes for *BSD cryptodev as well as porting to 2.6.27 blkcipher API -by Nikos Mavrogiannopoulos. Initial blkcipher async API porting by -Michael Weiser. Maintained by Nikos Mavrogiannopoulos (nmav [at] gnutls [dot] org) |