----- Original Message ---- > From: Frank Peters <frank.pet...@comcast.net> > I just installed Gentoo on a new Core i7 based machine. After doing a bit > of research on the best compile flags to use for this processor, I came > across the advice to enable the kernel cryptograhic API. It seems that > the kernel can make good use of the SSE 4.2 instruction set on the Core i7 > to do the cryptographic work. > > My system is mainly a desktop workstation that is used for business/home > functions such as word processing, database work, image processing, audio > processing, custom programming etc. There is no networking involved other > than a DHCP link to an ISP. > > I suppose that in my case the cryptographic API would be useless. Are the > kernel crypto routines used by any common software, or are they limited to > IPsec and other similar things? Does openssl or pz7ip use the crytpo API?
While I am not a kernel coder - that would be my suspicion - that the Crypto API is for any kind of cryptography inside the kernel. OpenSSL itself is a cryptographic API, and is platform independent, so no, it would not use the kernel API. You would likely really only need the Cryptographic API if you have hardware (e.g. "Trusted" Computing's TPM module), IPSec, MD5/SHA1 verification of kernel modules, kernel-mode encrypted file systems, etc. There's a lot of things that can make use of it in the API. The Kernel Configuration utility will auto-enable it if you need it. And as with most things in the kernel, if you don't know what it is - take the default. (See the help. Most things are usually "If you don't know what this is, then it is safe to disable it."). > If it is advisable for a desktop workstation to use the crypto API, what > specific routines should be enabled? There are a lot of individual routines > within the crypto API. See the help. Ben