On 08/21/2010 03:09 PM, Kyle Moffett wrote: >> This patch introduces the new user-space API, <ncr.h>. >> >> Quick overview: >> >> * open("/dev/crypto") to get a FD, which acts as a namespace for key and >> session identifiers. >> >> * ioctl(NCRIO_KEY_INIT) to allocate a key object; then generate the key >> material inside the kernel, load a plaintext key, unwrap a key, or >> derive a key. Similarly the key material can be copied out of the >> kernel or wrapped. >> >> [...snip...] > > Ugh... We already have one very nice key/keyring API in the kernel > (see Documentation/keys.txt) that's being used for crypto keys for > NFSv4, AFS, etc. Can't you just add a bunch of cryptoapi key types to > that API instead? It is not that simple. My understanding of the keyring API is that it allows exporting of the keys to user-space and this crypto API explicitly prevents that, so enhancing the API that way will remove the benefits of using it. It would be ideal to combine somehow those solutions but this is more elaborate work than adding a bunch of new key types. If anyone is interested in attempting that I'd be glad to help. regards, Nikos -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html