Also what is the MAX size of the Master key that can be set ? -----Original Message----- From: Sridhar Manickam Sent: Tuesday, September 04, 2012 6:00 PM To: 'cryptodev-linux-devel@gna.org' Cc: 'Nikos Mavrogiannopoulos' Subject: RE: [Cryptodev-linux-devel] Using /dev/ncr
Nikos, I was able to get the samples for STORE WRAP & STORE UNWRAP working. Thanks for your help. What is minimum Linux Kernel version that is needed to support the /dev/ncr ? Thanks, -Sridhar -----Original Message----- From: Sridhar Manickam Sent: Wednesday, August 29, 2012 5:06 PM To: 'cryptodev-linux-devel@gna.org' Cc: 'Nikos Mavrogiannopoulos' Subject: RE: [Cryptodev-linux-devel] Using /dev/ncr Nikos, Thanks for your response. I have looked at the aes.c sample and have some follow up questions The executable aes runs fine even without me using the ncr-setkey to set the master key, so does that mean the data encryption key is not encrypted with the master key ? Does the NCRIO_KEY_INIT generate a new symmetric key in the /dev/ncr space ? Can you tell me what does NCRIO_KEY_IMPORT do ? The only part of the code that I seem to understand is the NCR_OP_ENCRYPT where you are using the data encryption key to encrypt the plain text and compare the cipher text size with a pre-defined cipher text and if matches then encryption is successful. If I have generated a key outside of the crypto device how do I protect that key using the master key set using ncr-setkey ? Thanks, -Sridhar -----Original Message----- From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopou...@gmail.com] On Behalf Of Nikos Mavrogiannopoulos Sent: Saturday, August 18, 2012 3:43 AM To: Sridhar Manickam Cc: cryptodev-linux-devel@gna.org Subject: Re: [Cryptodev-linux-devel] Using /dev/ncr On 08/17/2012 06:45 PM, Sridhar Manickam wrote: > Hi, > > My expertise with C on Linux is quiet rusty. What we were looking for > is a mechanism to store a Master key in Linux which is strongly > protected and I came across the crypto-dev project and thought using > the /dev/ncr to store the master key is a good way to go. But I am > unable to find a good source of documentation on how to use the API. > What we want to do it set the Master key using the ncr-setkey utility > and from there on use this key for encryption or decryption. The > sample code in aes.c looks like it generates a secret key and uses it > for encryption, how can I use the Master key that I set using > (ncr-setkey) for cryptography. Any sample code or pointers to > documentation will be helpful. Unfortunately this is not how it works. The ncr-setkey sets the master key which is used to encrypt/decrypt keys that are stored in the filesystem. The aes and rsa examples demonstrate how to generate and store keys. There is no documentation, but a high level description can be found at: https://www.cosic.esat.kuleuven.be/publications/article-2001.pdf regards, Nikos _______________________________________________ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel
