How to select the right options in the Cryptographic API Kernel section?
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
How do I know, which Kernel modules in the Cryptographic API will be beneficial on my system?
How can I see, if I have software, which will use the Kernel API?
For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option? Who should enable it?
CONFIG_CRYPTO_RSA:
Generic implementation of the RSA public key algorithm.
Symbol: CRYPTO_RSA [=n]
Prompt: RSA algorithm
linux-kernel configuration kernel-modules cryptography api
asked Aug 19 at 12:40
Jonas Stein
1,03221033
add a comment |Â
up vote
1
down vote
favorite
How do I know, which Kernel modules in the Cryptographic API will be beneficial on my system?
How can I see, if I have software, which will use the Kernel API?
For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option? Who should enable it?
CONFIG_CRYPTO_RSA:
Generic implementation of the RSA public key algorithm.
Symbol: CRYPTO_RSA [=n]
Prompt: RSA algorithm
linux-kernel configuration kernel-modules cryptography api
asked Aug 19 at 12:40
Jonas Stein
1,03221033
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
How do I know, which Kernel modules in the Cryptographic API will be beneficial on my system?
How can I see, if I have software, which will use the Kernel API?
For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option? Who should enable it?
CONFIG_CRYPTO_RSA:
Generic implementation of the RSA public key algorithm.
Symbol: CRYPTO_RSA [=n]
Prompt: RSA algorithm
linux-kernel configuration kernel-modules cryptography api
asked Aug 19 at 12:40
Jonas Stein
1,03221033
How do I know, which Kernel modules in the Cryptographic API will be beneficial on my system?
How can I see, if I have software, which will use the Kernel API?
For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option? Who should enable it?
CONFIG_CRYPTO_RSA:
Generic implementation of the RSA public key algorithm.
Symbol: CRYPTO_RSA [=n]
Prompt: RSA algorithm
linux-kernel configuration kernel-modules cryptography api
linux-kernel configuration kernel-modules cryptography api
asked Aug 19 at 12:40
Jonas Stein
1,03221033
asked Aug 19 at 12:40
Jonas Stein
1,03221033
asked Aug 19 at 12:40
Jonas Stein
1,03221033
asked Aug 19 at 12:40
Jonas Stein
1,03221033
asked Aug 19 at 12:40
Jonas Stein
1,03221033
1,03221033
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
1
down vote
For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option?
Nope.
The implementations that use generic or even CPU-specific instructions, are only of benefit to other kernel modules. They are not used by user programs.
Hardware acceleration is often provided by specialized CPU instructions; this is particularly true on x86 PCs. Userspace can use the same instructions without making a call into the kernel. This is the lowest overhead approach, which is particularly important when encrypting small messages.
If a kernel module absolutely requires a particular algorithm, I think it will select it automatically in most cases. If there is a choice of different crypto – like in IPsec – you may need to manually enable the specific algorithm you want to use.
Some system-on-a-chip CPUs include a crypto accelerator which requires a kernel driver. According to Cryptodev-linux, however, the interface provided by the current mainline kernels is even less efficient than it needs to be. My interpretation is these types of accelerator are not very favoured, at least by mainline Linux.
edited Aug 20 at 18:01
G-Man
11.8k92658
answered Aug 19 at 13:03
sourcejedi
20.1k42884
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option?
Nope.
The implementations that use generic or even CPU-specific instructions, are only of benefit to other kernel modules. They are not used by user programs.
Hardware acceleration is often provided by specialized CPU instructions; this is particularly true on x86 PCs. Userspace can use the same instructions without making a call into the kernel. This is the lowest overhead approach, which is particularly important when encrypting small messages.
If a kernel module absolutely requires a particular algorithm, I think it will select it automatically in most cases. If there is a choice of different crypto – like in IPsec – you may need to manually enable the specific algorithm you want to use.
Some system-on-a-chip CPUs include a crypto accelerator which requires a kernel driver. According to Cryptodev-linux, however, the interface provided by the current mainline kernels is even less efficient than it needs to be. My interpretation is these types of accelerator are not very favoured, at least by mainline Linux.
edited Aug 20 at 18:01
G-Man
11.8k92658
answered Aug 19 at 13:03
sourcejedi
20.1k42884
add a comment |Â
up vote
1
down vote
For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option?
Nope.
The implementations that use generic or even CPU-specific instructions, are only of benefit to other kernel modules. They are not used by user programs.
Hardware acceleration is often provided by specialized CPU instructions; this is particularly true on x86 PCs. Userspace can use the same instructions without making a call into the kernel. This is the lowest overhead approach, which is particularly important when encrypting small messages.
If a kernel module absolutely requires a particular algorithm, I think it will select it automatically in most cases. If there is a choice of different crypto – like in IPsec – you may need to manually enable the specific algorithm you want to use.
Some system-on-a-chip CPUs include a crypto accelerator which requires a kernel driver. According to Cryptodev-linux, however, the interface provided by the current mainline kernels is even less efficient than it needs to be. My interpretation is these types of accelerator are not very favoured, at least by mainline Linux.
edited Aug 20 at 18:01
G-Man
11.8k92658
answered Aug 19 at 13:03
sourcejedi
20.1k42884
add a comment |Â
up vote
1
down vote
up vote
1
down vote
For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option?
Nope.
The implementations that use generic or even CPU-specific instructions, are only of benefit to other kernel modules. They are not used by user programs.
Hardware acceleration is often provided by specialized CPU instructions; this is particularly true on x86 PCs. Userspace can use the same instructions without making a call into the kernel. This is the lowest overhead approach, which is particularly important when encrypting small messages.
If a kernel module absolutely requires a particular algorithm, I think it will select it automatically in most cases. If there is a choice of different crypto – like in IPsec – you may need to manually enable the specific algorithm you want to use.
Some system-on-a-chip CPUs include a crypto accelerator which requires a kernel driver. According to Cryptodev-linux, however, the interface provided by the current mainline kernels is even less efficient than it needs to be. My interpretation is these types of accelerator are not very favoured, at least by mainline Linux.
edited Aug 20 at 18:01
G-Man
11.8k92658
answered Aug 19 at 13:03
sourcejedi
20.1k42884
For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option?
Nope.
The implementations that use generic or even CPU-specific instructions, are only of benefit to other kernel modules. They are not used by user programs.
Hardware acceleration is often provided by specialized CPU instructions; this is particularly true on x86 PCs. Userspace can use the same instructions without making a call into the kernel. This is the lowest overhead approach, which is particularly important when encrypting small messages.
If a kernel module absolutely requires a particular algorithm, I think it will select it automatically in most cases. If there is a choice of different crypto – like in IPsec – you may need to manually enable the specific algorithm you want to use.
Some system-on-a-chip CPUs include a crypto accelerator which requires a kernel driver. According to Cryptodev-linux, however, the interface provided by the current mainline kernels is even less efficient than it needs to be. My interpretation is these types of accelerator are not very favoured, at least by mainline Linux.
edited Aug 20 at 18:01
G-Man
11.8k92658
answered Aug 19 at 13:03
sourcejedi
20.1k42884
edited Aug 20 at 18:01
G-Man
11.8k92658
edited Aug 20 at 18:01
G-Man
11.8k92658
edited Aug 20 at 18:01
G-Man
11.8k92658
11.8k92658
answered Aug 19 at 13:03
sourcejedi
20.1k42884
answered Aug 19 at 13:03
sourcejedi
20.1k42884
answered Aug 19 at 13:03
sourcejedi
20.1k42884
20.1k42884
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f463488%2fhow-to-select-the-right-options-in-the-cryptographic-api-kernel-section%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
