Sanjay Agrawal wrote:
> Thanks Garrett.
> So I guess, answer to Q2 is Yes.
> For Q3 - NSS native support for PKCS11 means pure software
> implementation of cryptos with no h/w acceleration benefits, right ?
> So if my app uses NSS, presence of SCA6000 will not provide any
> benefit ?
No. NSS native support means that it can take a "driver" (a "module" in
PKCS#11 parlance) which implements crypto operations. The Solaris
framework implements a PKCS#11 module that supports full hardware offload.
You will get hardware acceleration.
-- Garrett
>
> - sanjay
>
>
> Garrett D'Amore wrote:
>> Sanjay Agrawal wrote:
>>> I have some questions on Sun's crypto card and Solaris crypto
>>> framework:
>>>
>>> 1) What's the s/w interface for SCA6000 crypto card ? Can someone
>>> send me Pointer to docs describing the software architecture and
>>> interfaces ? I have looked at SCA6000 doc - it does not cover s/w.
>>> 2) Do apps necessarily need to use SCF for taking advantage of
>>> SCA6000 ? In other words, is Solaris Crypto framework the only way
>>> to use SCA6000 on Solaris ?
>>> 3) Can and do NSS libraries on Solaris make use of SCA6000 - If so
>>> how ?
>>>
>>
>> The answer to your questions is "PKCS#11". SCA6000 supports PKCS#11
>> through the crypto framework. PKCS#11 is a portable industry
>> standard for cryptographic module providers, and NSS has native
>> support for it.
>>
>> I believe you can use OpenSSL as well -- it was supported with older
>> SCA products at least, though I don't know about the SCA6000.
>> OpenSSL is required for Apache and certain other free software.
>>
>> -- Garrett
>>> Thanks,
>>> - sanjay
>>>
>>>
>>>
>>> _______________________________________________
>>> crypto-discuss mailing list
>>> crypto-discuss at opensolaris.org
>>> http://mail.opensolaris.org/mailman/listinfo/crypto-discuss
>>>
>>
>
