Friday, April 1, 2005

Solaris Cryptographic Framework Whitepaper published!

Ok, this took entirely too long, but I've finally gotten the whitepaper I wrote on the Solaris Cryptographic Framework published externally! Finally, in Solaris 10, access to optimized cryptographic algorithms are brought to the general user. Now you can read all about it on BigAdmin: Solaris Cryptographic Framework

Let me know what you think, or if you have any questions. There is also a Kernel API/SPI that is touched on briefly in the paper. We're working on stabilizing the kernel interfaces so we can publish those as well.

This paper also contains my first piece of externally published source code that I've written for Sun. It is a combination of Sun's strict c-style and RSA's PCKS#11 style. Certainly not the most challenging work I've done for Sun (that would be SunScreen's NAT or itself). Go ahead and try it out on your s10 box now.


  1. This is great. Very informative. Maybe you can answer a question I've had for a while. I have a Sun Fire V240 with a Sun Crypto 500 accelerator. I'm running Solaris 10 (still build 72, sorry), and cryptoadm list doesn't list anything under hardware providers. Is the Crypto 500 supported natively by the Crypto Framework?

  2. Hi Derek -
    You're right - the Sun Crypto Accelerator 500 does not have a kCF driver out of the box for Solaris 10. The work has been done to make one available, but unfortunately I can't find any pointers to that online right now. I've got some feelers out on this, and I'll follow up as soon as I have some more useful information.

  3. Great. Thanks a lot! Do you know if a later update to Sol 10 will include the provider?

  4. Derek -
    The provider is available here:
    It is bigger than before, because it now includes internationalized docs.
    I don't expect it to be included with core Solaris, because it is optional hardware.
    Also, there is a new feature in Update 1, the uCF metaslot, that may be of interest to you. I should post about that soon!