Re: [PATCH v3 0/2] crypto: ecdh - add privkey generation support

On Tue, May 30, 2017 at 05:52:47PM +0300, Tudor Ambarus wrote:
> Hi,
> 
> This patch set adds support for generating ecc private keys.
> ecc private keys are generated using the method of extra random bits,
> equivalent to that described in FIPS 186-4, Appendix B.4.1.
> 
> Generation of ecc private keys is helpful in a user-space to kernel
> ecdh offload because the keys are not revealed to user-space.
> 
> Private key generation is also helpful to implement forward secrecy.
> A public/private key system demonstrates the property of forward secrecy
> if it creates new key pairs for each communication session. These key pairs
> are generated on an as-needed basis and are destroyed after the session
> is over. If an attacker were to record previous encrypted session data,
> they wouldn't be able to decrypt it with possession of a long-term key.
> 
> There are crypto accelerators that are capable of generating and retaining
> ecdh private keys without revealing them to software. This patch set is a
> prerequisite for hardware ecdh with private key generation support.
> 
> Changes in v3:

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
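
The "extra random bits" method the cover letter cites (FIPS 186-4, Appendix B.4.1), as an added example that is not part of this thread or of the kernel patch: draw 64 bits more than the bit length of the group order n, then reduce with d = (c mod (n-1)) + 1. The curve (NIST P-256) and the function names are assumptions made for illustration; modulo_bias() computes exactly how far the most skewed key's probability sits from uniform, which is the reason for the 64 extra bits.

```python
import secrets
from fractions import Fraction

# Order n of the NIST P-256 base point (assumed curve; the thread names none).
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def gen_privkey(n, extra_bits=64, randbits=secrets.randbits):
    """Return a private scalar d in [1, n-1] using extra random bits.

    randbits is injectable so the reduction can be checked with fixed input;
    in real use it must be a cryptographically secure generator.
    """
    if n < 3:
        raise ValueError("group order too small")
    c = randbits(n.bit_length() + extra_bits)
    # c mod (n-1) lies in [0, n-2]; adding 1 excludes the invalid key 0
    # and keeps d strictly below n.
    return (c % (n - 1)) + 1


def modulo_bias(n, extra_bits):
    """Largest relative deviation of any key's probability from 1/(n-1).

    0 means perfectly uniform; 1 means some key is about twice as likely
    as it should be.
    """
    m = n - 1
    total = 1 << (n.bit_length() + extra_bits)   # number of possible c values
    q, r = divmod(total, m)   # r keys are hit q+1 times, the others q times
    uniform = Fraction(1, m)
    hi = Fraction(q + 1, total) if r else Fraction(q, total)
    lo = Fraction(q, total)
    return max(hi - uniform, uniform - lo) / uniform


if __name__ == "__main__":
    d = gen_privkey(P256_N)
    print("private scalar in range:", 1 <= d < P256_N)
    print("relative bias, no extra bits: %.6f" % float(modulo_bias(P256_N, 0)))
    print("relative bias, 64 extra bits: %.3e" % float(modulo_bias(P256_N, 64)))
```
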


