Notes on Using OpenSSL
Notes on Using OpenSSL
Oracle Solaris provides cryptographic libraries for SPARC M12 systems. These libraries can be used by using the PKCS11 engine of OpenSSL. For details, see the man pages openssl(5), engine(3openssl), and evp(3openssl).
Please note:
Please note:
- The PKCS11 engine is the only way in OpenSSL to obtain the acceleration of cryptographic functions from the encryption arithmetic unit of the SPARC64 XII processor.
- The implementation of the PKCS11 engine for OpenSSL in Oracle Solaris requires the enabling of the EVP model for digest and encryption methods supported by engine.- The following digest methods have been optimized for the SPARC64 XII processor:
SHA1, SHA224, SHA256, SHA384, SHA512- The following encryption methods have been optimized for the SPARC64 XII processor:
DES-CBC, DES-EDE3-CBC, DES-ECB, DES-EDE3
AES-128-CBC, AES-192-CBC, AES-256-CBC
AES-128-ECB, AES-192-ECB, AES-256-ECB
AES-128-CTR, AES-192-CTR, AES-256-CTR
The command in the following example calls the accelerated AES-256-CBC method on the SPARC64 XII processor.
| # openssl speed -engine pkcs11 -evp AES-256-CBC |
- - The following public key encryption methods have been optimized for the SPARC64 XII processor, from Oracle Solaris 11.2.
RSA512, RSA1024, RSA2048
DSA512, DSA1024, DSA2048
The command in the following example invokes the RSA2048 method optimized for the SPARC64 XII processor.
| # openssl speed -engine pkcs11 rsa2048 |
- To use the optimized digest method or encryption method in the PKCS11 engine with an application using the OpenSSL library (libssl, libcrypto), enable the EVP interface explained in evp(3openssl).
< Previous Page | Next Page >