[OpenAFS-devel] configurable cryptosystem support
Marcus Watts
mdw@umich.edu
Thu, 18 Jan 2007 21:38:10 -0500
Dale Ghent <daleg@umbc.edu> writes:
...
> Dunno if this is exactly what you're looking for, but Solaris has
> SCF, the Solaris Crypto Framework which provides kernel-based crypto
> (either in hardware or as a software kernel driver) to both userland
> and kernel callers.
>
> http://www.sun.com/bigadmin/xperts/sessions/12_crypt/
>
> The programming interfaces are still undocumented, though... at least
> for userland, but the cryptoadm(1M) man page is a decent place to start.
...
Um, yes. Nope, that's not "kerberos 5". It's probably a perfectly
good underlying set of cryptographic primitives. The AES code there
presumably doesn't do ciphertext stealing, but that's a relatively
simple elaboration on cbc, which it does provide.
Sounds like documentation could be an issue. I hate to ask, but I
suppose I should -- are these actually "supported" interfaces despite
the lack of documentation?
-Marcus Watts