This is the linux-cryptodev NCR branch. The ioctl() API is in ncr.h.

For the new API to fully operate, root must load a system key (constant
per system) using the ncr-setkey program. After this stage the new API should
be fully operational. Example:
$ dd if=/dev/urandom of=/boot/key count=1 bs=16
$ chmod 600 /boot/key
$ userspace/ncr-setkey /boot/key

The main concept of the new API is disallow userspace applications
access to cryptographic keys. Operations should be possible (such
as encryption/decryption/signing/verifying), but raw access to the
keys will not be possible.



A compatibility API using OpenBSD's interface via /dev/crypto device driver 
is supported.


Maintained by Nikos Mavrogiannopoulos (nmav [at] gnutls [dot] org)