| 1 |
----- Original Message ---- |
| 2 |
|
| 3 |
> From: Frank Peters <frank.peters@×××××××.net> |
| 4 |
> I just installed Gentoo on a new Core i7 based machine. After doing a bit |
| 5 |
> of research on the best compile flags to use for this processor, I came |
| 6 |
> across the advice to enable the kernel cryptograhic API. It seems that |
| 7 |
> the kernel can make good use of the SSE 4.2 instruction set on the Core i7 |
| 8 |
> to do the cryptographic work. |
| 9 |
> |
| 10 |
> My system is mainly a desktop workstation that is used for business/home |
| 11 |
> functions such as word processing, database work, image processing, audio |
| 12 |
> processing, custom programming etc. There is no networking involved other |
| 13 |
> than a DHCP link to an ISP. |
| 14 |
> |
| 15 |
> I suppose that in my case the cryptographic API would be useless. Are the |
| 16 |
> kernel crypto routines used by any common software, or are they limited to |
| 17 |
> IPsec and other similar things? Does openssl or pz7ip use the crytpo API? |
| 18 |
|
| 19 |
While I am not a kernel coder - that would be my suspicion - that the Crypto API |
| 20 |
is for any kind of cryptography inside the kernel. |
| 21 |
OpenSSL itself is a cryptographic API, and is platform independent, so no, it |
| 22 |
would not use the kernel API. |
| 23 |
|
| 24 |
You would likely really only need the Cryptographic API if you have hardware |
| 25 |
(e.g. "Trusted" Computing's TPM module), IPSec, MD5/SHA1 verification of kernel |
| 26 |
modules, kernel-mode encrypted file systems, etc. |
| 27 |
There's a lot of things that can make use of it in the API. The Kernel |
| 28 |
Configuration utility will auto-enable it if you need it. |
| 29 |
|
| 30 |
And as with most things in the kernel, if you don't know what it is - take the |
| 31 |
default. (See the help. Most things are usually "If you don't know what this is, |
| 32 |
then it is safe to disable it."). |
| 33 |
|
| 34 |
> If it is advisable for a desktop workstation to use the crypto API, what |
| 35 |
> specific routines should be enabled? There are a lot of individual routines |
| 36 |
> within the crypto API. |
| 37 |
|
| 38 |
See the help. |
| 39 |
|
| 40 |
Ben |
Archives