> ccrowley> Another question that I have after reading a cached copy of
> ccrowley> http://www.james.rcpt.to/2001/sun-crypto/ on Google, I
> ccrowley> learned that these crypto cards only handle the Public key
> ccrowley> side of the SSL connection to Apache clients.
>
> That's really interesting, because that would mean it could only be
> used for encryption and signature verification. Quite useless in my
> opinion. And no, the cswift card isn't restricted to only operations
> with the public key.
>
> Or do I misunderstand what you mean?

I think that your understanding is correct. This is an excerpt from the
article I referenced earlier:

<SNIP From http://www.google.com/search?q=cache:58fZvH6QI7IC:www.james.rcpt.to/2001/sun-crypto/+rainbow+crypto+card&hl=en >
The next important thing to know is what the card can accelerate for
you. Doing SSL to a web site actually uses two different types of
cryptography. The initial is a public key exchange; this is because this
is the only feasible way of doing public encryption without a shared
secret. After this has been done, we THEN use a shared secret: symmetric
key encryption. The Sun Crypto Accelerator Board 1 will only help you
with one part of the encryption: the public key stuff. Once a symmetric
key has been passed between both parties, it is not used on this
connection any more.
</SNIP>

Plus, the Sun specifications indicate that it does modular
exponentiation. These don't seem to me to include symmetric-key ciphers.

<SNIP From http://www.sun.com/products-n-solutions/hw/networking/connectivity/suncryptoaccel1/>
Cryptographic Functions
* Modular exponentiation functions, including DH, DSA, RSA, and raw
  modular Exponentiation
* RSA Public Key w/CRT key lengths of 384 bit
* RSA modulus length increments of 128 bit
* RSA private key w/CRT performance of 4.95 ms/operation at 1024 bit
</SNIP>

I don't have any good data on the cswift card yet. I will post it when I
get it.

Chris
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
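
The split described in the message above, as an added example that is not part of the original post or of OpenSSL: every public-key step is a modular exponentiation (the primitive such a board computes, with the private-key operation done via CRT), while the per-record symmetric work never touches it. The toy key, the `modexp` counter, the RSA key-transport model of the handshake and the HMAC-SHA256 stand-in for symmetric record processing are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed toy key: two Mersenne primes, far below real key sizes.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)  # CRT parameters

offloaded = []  # (modulus bits, exponent bits) of every modexp call

def modexp(base, exp, mod):
    """Stand-in for the single primitive an exponentiation board computes."""
    offloaded.append((mod.bit_length(), exp.bit_length()))
    return pow(base, exp, mod)

def rsa_public(m):
    return modexp(m, E, N)

def rsa_private_plain(c):
    # One exponentiation with full-size modulus and exponent.
    return modexp(c, D, N)

def rsa_private_crt(c):
    # Two exponentiations with half-size operands, recombined (Garner).
    m1 = modexp(c % P, DP, P)
    m2 = modexp(c % Q, DQ, Q)
    h = (QINV * (m1 - m2)) % P
    return m2 + h * Q

def protect_record(key, data):
    # Symmetric per-record work: hashing only, no modexp involved.
    return hmac.new(key, data, hashlib.sha256).digest()

def handshake_then_bulk(premaster, records):
    """Return (recovered secret, modexp calls in handshake, in bulk phase)."""
    offloaded.clear()
    ciphertext = rsa_public(premaster)        # client side
    recovered = rsa_private_crt(ciphertext)   # server side, the costly step
    key = hashlib.sha256(recovered.to_bytes(32, "big")).digest()
    in_handshake = len(offloaded)
    for record in records:
        protect_record(key, record)
    return recovered, in_handshake, len(offloaded) - in_handshake

if __name__ == "__main__":
    secret = 0x0123456789ABCDEF0123456789ABCDEF   # constructed sample value
    print(handshake_then_bulk(secret, [b"GET / HTTP/1.0"] * 1000))
    print(offloaded)
```
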
