1 |
----- Original Message ---- |
2 |
|
3 |
> From: Frank Peters <frank.peters@×××××××.net> |
4 |
> I just installed Gentoo on a new Core i7 based machine. After doing a bit |
5 |
> of research on the best compile flags to use for this processor, I came |
6 |
> across the advice to enable the kernel cryptograhic API. It seems that |
7 |
> the kernel can make good use of the SSE 4.2 instruction set on the Core i7 |
8 |
> to do the cryptographic work. |
9 |
> |
10 |
> My system is mainly a desktop workstation that is used for business/home |
11 |
> functions such as word processing, database work, image processing, audio |
12 |
> processing, custom programming etc. There is no networking involved other |
13 |
> than a DHCP link to an ISP. |
14 |
> |
15 |
> I suppose that in my case the cryptographic API would be useless. Are the |
16 |
> kernel crypto routines used by any common software, or are they limited to |
17 |
> IPsec and other similar things? Does openssl or pz7ip use the crytpo API? |
18 |
|
19 |
While I am not a kernel coder - that would be my suspicion - that the Crypto API |
20 |
is for any kind of cryptography inside the kernel. |
21 |
OpenSSL itself is a cryptographic API, and is platform independent, so no, it |
22 |
would not use the kernel API. |
23 |
|
24 |
You would likely really only need the Cryptographic API if you have hardware |
25 |
(e.g. "Trusted" Computing's TPM module), IPSec, MD5/SHA1 verification of kernel |
26 |
modules, kernel-mode encrypted file systems, etc. |
27 |
There's a lot of things that can make use of it in the API. The Kernel |
28 |
Configuration utility will auto-enable it if you need it. |
29 |
|
30 |
And as with most things in the kernel, if you don't know what it is - take the |
31 |
default. (See the help. Most things are usually "If you don't know what this is, |
32 |
then it is safe to disable it."). |
33 |
|
34 |
> If it is advisable for a desktop workstation to use the crypto API, what |
35 |
> specific routines should be enabled? There are a lot of individual routines |
36 |
> within the crypto API. |
37 |
|
38 |
See the help. |
39 |
|
40 |
Ben |