Hi Marcel,
On 10/26/2015 09:54 PM, Marcel Holtmann wrote:
> after having discussions with David Howells and David Woodhouse, I don't 
> think we should expose akcipher via AF_ALG at all. I think the akcipher 
> operations for sign/verify/encrypt/decrypt should operate on asymmetric keys 
> in the first place. With akcipher you are pretty much bound to public and 
> private keys and the key is the important part and not the akcipher itself. 
> Especially since we want to support private keys in hardware (like TPM for 
> example).
> 
> It seems more appropriate to use keyctl to derive the symmetric session key 
> from your asymmetric key. And then use the symmetric session key id with 
> skcipher via AF_ALG. Especially once symmetric key type has been introduced 
> this seems to be trivial then.
> 
> I am not really in favor of having two userspace facing APIs for asymmetric 
> cipher usage. And we need to have an API that is capable to work with 
> hardware keys.

The main use case for algif_akcipher will be to allow a web server, which needs 
to handle
tens of thousand TLS handshakes per second, to offload the RSA operation to a 
HW accelerator.
Do you think we can use keyctl for this?
Thanks,
T
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to