On 08/29/2012 11:05 PM, Sridhar Manickam wrote: > Nikos, > > Thanks for your response. I have looked at the aes.c sample and have some > follow up questions > The executable aes runs fine even without me using the ncr-setkey to set the > master key, so does that mean the data encryption key is not encrypted with > the master key ?
The master key is only used to store and restore keys. If you don't do this operation and only generate fresh keys then you don't need a master key. Because storage doesn't exist in kernel space, when you want to save a key that is protected by ncr, the framework allows you to export them, but protected (encrypted and authenticated) with the master key. See the ioctls NCRIO_KEY_STORAGE_WRAP and NCRIO_KEY_STORAGE_UNWRAP. > Does the NCRIO_KEY_INIT generate a new symmetric key in the /dev/ncr space ? Yes. > Can you tell me what does NCRIO_KEY_IMPORT do ? You can import a raw key from userspace to the kernel space and use it as an NCR key. regards, Nikos _______________________________________________ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel
