How to select the right options in the Cryptographic API Kernel section?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












How do I know, which Kernel modules in the Cryptographic API will be beneficial on my system?



How can I see, if I have software, which will use the Kernel API?
For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option? Who should enable it?



CONFIG_CRYPTO_RSA:
Generic implementation of the RSA public key algorithm.
Symbol: CRYPTO_RSA [=n]
Prompt: RSA algorithm









share|improve this question

























    up vote
    1
    down vote

    favorite












    How do I know, which Kernel modules in the Cryptographic API will be beneficial on my system?



    How can I see, if I have software, which will use the Kernel API?
    For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option? Who should enable it?



    CONFIG_CRYPTO_RSA:
    Generic implementation of the RSA public key algorithm.
    Symbol: CRYPTO_RSA [=n]
    Prompt: RSA algorithm









    share|improve this question























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      How do I know, which Kernel modules in the Cryptographic API will be beneficial on my system?



      How can I see, if I have software, which will use the Kernel API?
      For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option? Who should enable it?



      CONFIG_CRYPTO_RSA:
      Generic implementation of the RSA public key algorithm.
      Symbol: CRYPTO_RSA [=n]
      Prompt: RSA algorithm









      share|improve this question













      How do I know, which Kernel modules in the Cryptographic API will be beneficial on my system?



      How can I see, if I have software, which will use the Kernel API?
      For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option? Who should enable it?



      CONFIG_CRYPTO_RSA:
      Generic implementation of the RSA public key algorithm.
      Symbol: CRYPTO_RSA [=n]
      Prompt: RSA algorithm






      linux-kernel configuration kernel-modules cryptography api






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Aug 19 at 12:40









      Jonas Stein

      1,03221033




      1,03221033




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          1
          down vote














          For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option?




          Nope.



          The implementations that use generic or even CPU-specific instructions, are only of benefit to other kernel modules. They are not used by user programs.



          Hardware acceleration is often provided by specialized CPU instructions; this is particularly true on x86 PCs. Userspace can use the same instructions without making a call into the kernel. This is the lowest overhead approach, which is particularly important when encrypting small messages.



          If a kernel module absolutely requires a particular algorithm, I think it will select it automatically in most cases. If there is a choice of different crypto – like in IPsec – you may need to manually enable the specific algorithm you want to use.



          Some system-on-a-chip CPUs include a crypto accelerator which requires a kernel driver. According to Cryptodev-linux, however, the interface provided by the current mainline kernels is even less efficient than it needs to be. My interpretation is these types of accelerator are not very favoured, at least by mainline Linux.






          share|improve this answer






















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f463488%2fhow-to-select-the-right-options-in-the-cryptographic-api-kernel-section%23new-answer', 'question_page');

            );

            Post as a guest






























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            1
            down vote














            For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option?




            Nope.



            The implementations that use generic or even CPU-specific instructions, are only of benefit to other kernel modules. They are not used by user programs.



            Hardware acceleration is often provided by specialized CPU instructions; this is particularly true on x86 PCs. Userspace can use the same instructions without making a call into the kernel. This is the lowest overhead approach, which is particularly important when encrypting small messages.



            If a kernel module absolutely requires a particular algorithm, I think it will select it automatically in most cases. If there is a choice of different crypto – like in IPsec – you may need to manually enable the specific algorithm you want to use.



            Some system-on-a-chip CPUs include a crypto accelerator which requires a kernel driver. According to Cryptodev-linux, however, the interface provided by the current mainline kernels is even less efficient than it needs to be. My interpretation is these types of accelerator are not very favoured, at least by mainline Linux.






            share|improve this answer


























              up vote
              1
              down vote














              For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option?




              Nope.



              The implementations that use generic or even CPU-specific instructions, are only of benefit to other kernel modules. They are not used by user programs.



              Hardware acceleration is often provided by specialized CPU instructions; this is particularly true on x86 PCs. Userspace can use the same instructions without making a call into the kernel. This is the lowest overhead approach, which is particularly important when encrypting small messages.



              If a kernel module absolutely requires a particular algorithm, I think it will select it automatically in most cases. If there is a choice of different crypto – like in IPsec – you may need to manually enable the specific algorithm you want to use.



              Some system-on-a-chip CPUs include a crypto accelerator which requires a kernel driver. According to Cryptodev-linux, however, the interface provided by the current mainline kernels is even less efficient than it needs to be. My interpretation is these types of accelerator are not very favoured, at least by mainline Linux.






              share|improve this answer
























                up vote
                1
                down vote










                up vote
                1
                down vote










                For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option?




                Nope.



                The implementations that use generic or even CPU-specific instructions, are only of benefit to other kernel modules. They are not used by user programs.



                Hardware acceleration is often provided by specialized CPU instructions; this is particularly true on x86 PCs. Userspace can use the same instructions without making a call into the kernel. This is the lowest overhead approach, which is particularly important when encrypting small messages.



                If a kernel module absolutely requires a particular algorithm, I think it will select it automatically in most cases. If there is a choice of different crypto – like in IPsec – you may need to manually enable the specific algorithm you want to use.



                Some system-on-a-chip CPUs include a crypto accelerator which requires a kernel driver. According to Cryptodev-linux, however, the interface provided by the current mainline kernels is even less efficient than it needs to be. My interpretation is these types of accelerator are not very favoured, at least by mainline Linux.






                share|improve this answer















                For example I use often RSA, but will my RSA related software be more secure, or faster, if I enable the following option?




                Nope.



                The implementations that use generic or even CPU-specific instructions, are only of benefit to other kernel modules. They are not used by user programs.



                Hardware acceleration is often provided by specialized CPU instructions; this is particularly true on x86 PCs. Userspace can use the same instructions without making a call into the kernel. This is the lowest overhead approach, which is particularly important when encrypting small messages.



                If a kernel module absolutely requires a particular algorithm, I think it will select it automatically in most cases. If there is a choice of different crypto – like in IPsec – you may need to manually enable the specific algorithm you want to use.



                Some system-on-a-chip CPUs include a crypto accelerator which requires a kernel driver. According to Cryptodev-linux, however, the interface provided by the current mainline kernels is even less efficient than it needs to be. My interpretation is these types of accelerator are not very favoured, at least by mainline Linux.







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Aug 20 at 18:01









                G-Man

                11.8k92658




                11.8k92658










                answered Aug 19 at 13:03









                sourcejedi

                20.1k42884




                20.1k42884



























                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f463488%2fhow-to-select-the-right-options-in-the-cryptographic-api-kernel-section%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?