Hi Stephan,

>>> The first part is clearly where AF_ALG fits and keyctl does not. This is
>>> provided with the current patch set. As the keyctl API only handles, well,
>>> keys, access to the raw ciphers may not be possible through this API. And
>>> let us face it, a lot of user space code shall support many different
>>> OSes. Thus, if you have a crypto lib in user space who has its own key
>>> management (which is a core element of such libraries and thus cannot be
>>> put into an architecture-dependent code part), having only the keyctl API
>>> on Linux for accelerated asym support may not be helpful.
>>
>> That argument is just non-sense.
>
> How interesting. For example, what about NSS with its own key database?

A lot of applications create their own key or certificate database. It also means they need to reload and reload them over and over again for each process. A lot of things are possible, but why keep doing things more complicated than they need to be. As I said before, if you only have a hammer ..

Regards

Marcel