Ok, this took entirely too long, but I've finally gotten the whitepaper I wrote on the Solaris Cryptographic Framework published externally! Finally, in Solaris 10, access to optimized cryptographic algorithms are brought to the general user. Now you can read all about it on BigAdmin: Solaris Cryptographic Framework
Let me know what you think, or if you have any questions. There is also a Kernel API/SPI that is touched on briefly in the paper. We're working on stabilizing the kernel interfaces so we can publish those as well.
This paper also contains my first piece of externally published source code that I've written for Sun. It is a combination of Sun's strict c-style and RSA's PCKS#11 style. Certainly not the most challenging work I've done for Sun (that would be SunScreen's NAT or libpkcs11.so.1 itself). Go ahead and try it out on your s10 box now.
Keep It Simple, Keep It Safe
-
Much like land wars in Asia and dealing with your in-laws, ordering a cake
is all about keeping certain information to yourself.
You don't leak state sec...
This is great. Very informative. Maybe you can answer a question I've had for a while. I have a Sun Fire V240 with a Sun Crypto 500 accelerator. I'm running Solaris 10 (still build 72, sorry), and cryptoadm list doesn't list anything under hardware providers. Is the Crypto 500 supported natively by the Crypto Framework?
ReplyDeleteHi Derek -
ReplyDeleteYou're right - the Sun Crypto Accelerator 500 does not have a kCF driver out of the box for Solaris 10. The work has been done to make one available, but unfortunately I can't find any pointers to that online right now. I've got some feelers out on this, and I'll follow up as soon as I have some more useful information.
Thanks,
Valerie
Great. Thanks a lot! Do you know if a later update to Sol 10 will include the provider?
ReplyDeleteDerek -
ReplyDeleteThe provider is available here:
http://www.sun.com/download/products.xml?id=422e7576
It is bigger than before, because it now includes internationalized docs.
I don't expect it to be included with core Solaris, because it is optional hardware.
Also, there is a new feature in Update 1, the uCF metaslot, that may be of interest to you. I should post about that soon!
enjoy!
Valerie