This is the linux-cryptodev [newapi] branch. Here a new API is being
designed. The ioctl() API is in ncr.h and the userspace API is in ncrypto.h.

For the new API to fully operate, root must load a system key (constant
per system) using the setkey program. After this stage the new API should
be fully operational. Example:
$ dd if=/dev/urandom of=/boot/key count=1 bs=16
$ chmod 600 /boot/key
$ userspace/ncr-setkey /boot/key
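
The commands above create /boot/key with the default umask and only
restrict it afterwards with chmod. The following is an added example, not
part of the original README or the project's code: it creates the key file
already restricted to mode 0600, refuses to overwrite an existing key, and
checks the file before it is handed to ncr-setkey. The function names are
hypothetical, GNU stat is assumed, and the owner check assumes the script
runs as the user who will load the key (root in the README).

```shell
#!/bin/sh
# Added example: create and verify the 16-byte system key file.

KEY_BYTES=16   # same size as "count=1 bs=16" in the README

# check_system_key PATH: succeed only if PATH is a regular file (not a
# symlink), exactly KEY_BYTES long, mode 0600, owned by the invoking user.
check_system_key() {
    key_path=$1
    if [ -L "$key_path" ] || [ ! -f "$key_path" ]; then
        echo "not a regular file: $key_path" >&2; return 1
    fi
    mode=$(stat -c %a "$key_path")
    size=$(stat -c %s "$key_path")
    owner=$(stat -c %u "$key_path")
    [ "$size" -eq "$KEY_BYTES" ] || { echo "bad key size: $size" >&2; return 1; }
    [ "$mode" = 600 ] || { echo "bad mode: $mode (want 600)" >&2; return 1; }
    [ "$owner" = "$(id -u)" ] || { echo "bad owner uid: $owner" >&2; return 1; }
}

# make_system_key PATH: create PATH as a new random key.
make_system_key() {
    key_path=$1
    (
        umask 077   # the file is created 0600, so there is no chmod window
        set -C      # noclobber: fail instead of replacing an existing key
        dd if=/dev/urandom bs="$KEY_BYTES" count=1 2>/dev/null > "$key_path"
    ) || return 1
    check_system_key "$key_path"
}

# Usage as root, with the paths from the README:
#   make_system_key /boot/key && userspace/ncr-setkey /boot/key
```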

The main concept of the new API is to deny userspace applications
access to cryptographic keys. Operations (such as encryption,
decryption, signing and verifying) remain possible, but raw access
to the keys is not.



The old OpenBSD API via /dev/crypto device driver is still supported.

It was initially written for Linux 2.6.8 by Michal Ludvig. Compatibility
fixes for *BSD cryptodev as well as porting to 2.6.27 blkcipher API
by Nikos Mavrogiannopoulos. Initial blkcipher async API porting by
Michael Weiser.

Maintained by Nikos Mavrogiannopoulos (nmav [at] gnutls [dot] org)