[Cryptography] libkcapi: First release of kernel crypto API userspace library

Stephan Mueller smueller at chronox.de
Sat Nov 8 20:18:28 EST 2014


The Linux kernel exports a Netlink interface of type AF_ALG to allow user
space to utilize the kernel crypto API.

libkcapi uses this Netlink interface and exports easy to use APIs so that
a developer does not need to consider the low-level Netlink interface 
handling. Its first release is available at [1].

The library does not implement any cipher algorithms. All consumer requests
are sent to the kernel for processing. Results from the kernel crypto API
are returned to the consumer via the library API.

The kernel interface and therefore this library can be used by unprivileged
processes. As the library is small, it may even be included directly into a 
consuming application instead of using it as a shared library.

The library together with the kernel allows the use of symmetric ciphers as 
well as message digests and keyed message digests. Patches are prepared for 
submission to LKML to allow AEAD ciphers and RNGs to be used from userspace.

[1] http://www.chronox.de/libkcapi.html


More information about the cryptography mailing list