Hi Marcel, On 10/26/2015 09:54 PM, Marcel Holtmann wrote: > after having discussions with David Howells and David Woodhouse, I don't > think we should expose akcipher via AF_ALG at all. I think the akcipher > operations for sign/verify/encrypt/decrypt should operate on asymmetric keys > in the first place. With akcipher you are pretty much bound to public and > private keys and the key is the important part and not the akcipher itself. > Especially since we want to support private keys in hardware (like TPM for > example). > > It seems more appropriate to use keyctl to derive the symmetric session key > from your asymmetric key. And then use the symmetric session key id with > skcipher via AF_ALG. Especially once symmetric key type has been introduced > this seems to be trivial then. > > I am not really in favor of having two userspace facing APIs for asymmetric > cipher usage. And we need to have an API that is capable to work with > hardware keys.
The main use case for algif_akcipher will be to allow a web server, which needs to handle tens of thousand TLS handshakes per second, to offload the RSA operation to a HW accelerator. Do you think we can use keyctl for this? Thanks, T -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
