Hi, The Linux kernel exports a network interface of type AF_ALG to allow user space to utilize the kernel crypto API. libkcapi uses this network interface and exports an easy to use API so that a developer does not need to consider the low-level network interface handling.
The library does not implement any low level cipher algorithms. All consumer requests are sent to the kernel for processing. Results from the kernel crypto API are returned to the consumer via the library API. The kernel interface and therefore this library can be used by unprivileged processes. By using the convenience API functions, one API call performs one complete cipher operation. The library code archive also provides a drop-in replacement for the command line tools of sha*sum, fipscheck/fipshmac and sha512hmac. It also contains command line tools to use the hashing, symmetric ciphers and random number generation on the command line. The source code and the documentation is available at .  http://www.chronox.de/libkcapi.html Changes 1.1.0 * API Enhancement: Addition of kcapi_handle_reinit * Fix: simplify code by removing the internal *_fd functions from kcapi-kernel-if.c * Fix: add a loop around the read system call to always obtain all generated data * Fix: use host compiler for compiling docproc (reported by Christophe LEROY, fixed by Björn Esser) * Fix: make error handling of hashing applications consistent with coreutils applications (reported by Christophe LEROY) * Fix: support for zero length files (patched by Ondrej Mosnáček) * Fix: support for zero message hashes on kernels <= 4.9 (patched by Ondrej Mosnáček) * Fix: Add Travis CI test system provided by Ondrej Mosnáček * Fix: Add several fixes to kcapi-hasher by Ondrej Mosnáček * Fix: Add additional tests for kcapi-hasher by Ondrej Mosnáček * Fix: Apply unpadding only to last block of data by Ondrej Mosnáček * Fix: Fix resource leaks in error code paths suggested by Ondrej Mosnáček * Enhancement: achieve hmaccalc CLI equivalence by Ondrej Mosnáček Ciao Stephan