| Line 22: | Line 22: | ||
== Detailed Description == | == Detailed Description == | ||
The /dev/crypto is a special device which is currently in development for the upstream kernel inclusion. This device allows user space applications to directly call the cryptographic routines that are part of the Linux kernel code. Similar device is available also on other kernels. | |||
Separation of the cryptographic primitives into the kernel allows fulfilling the requirements of the new U.S. Government standards (such as FIPS-140-3) in regards to the implementation and usage of the cryptographic algorithms on general purpose operating systems. | |||
This separation allows isolation of the private and secret keys from the user space applications so these critical security parameters (CSP) are not leaked in case the user space applications are for example exploited by malicious users. It also allows proper auditing of any administrative manipulation with these CSP. | |||
== Benefit to Fedora == | == Benefit to Fedora == | ||
Revision as of 07:22, 13 July 2010
Feature: Dev Crypto Userspace API
Summary
Allow the user space applications directly or indirectly through existing crypto libraries interfacing with the kernel crypto implementation.
Owner
- Name: Tomáš Mráz
- Email: tmraz AT redhat DOT com
Current status
- Targeted release: Fedora XX
- Last updated: 2010-07-13
- Percentage of completion: 5%
Detailed Description
The /dev/crypto is a special device which is currently in development for the upstream kernel inclusion. This device allows user space applications to directly call the cryptographic routines that are part of the Linux kernel code. Similar device is available also on other kernels.
Separation of the cryptographic primitives into the kernel allows fulfilling the requirements of the new U.S. Government standards (such as FIPS-140-3) in regards to the implementation and usage of the cryptographic algorithms on general purpose operating systems.
This separation allows isolation of the private and secret keys from the user space applications so these critical security parameters (CSP) are not leaked in case the user space applications are for example exploited by malicious users. It also allows proper auditing of any administrative manipulation with these CSP.