The new CryptoAPI offers three major enhancements to the Linux kernel, namely

• Kernel-based IPsec support

• Device Mapper crypto target

• Future crypto extensibility

IPsec is a collection of authentication and encryption protocols designed to extend IP and provide security to upper layer traffic. In previous Linux versions, IPsec was provided through the installation of additional software like FreeS/WAN (now

StrongSwan or Openswan). The inclusion of this functionality in the 2.6 kernel represents a significant enhancement and brings Linux on a par with other operating systems that offer the capability "out of the box."

The next enhancement is the Device Mapper infrastructure in the kernel. This requires a kernel version greater than 2.6.4. It provides a much cleaner and more fully featured virtual layer over block devices that can be used for striping, mirroring, snapshots, and so on. With the dm-crypt device mapper target (dm-crypt), you have transparent encryption/decryption using the new Crypto API. Basically the user can specify a symmetric cipher, a key, and an IV generation mode and create a new block device in /dev. Any writes will be encrypted and reads will be decrypted. You can mount the device as normal, but you aren't able to access it without the key. The key can be found under Device Drivers I Multi-device Support (RAID and LVM). You employ userspace tools called dmsetup and cryptsetup to create, delete, reload, and query block devices. These tools provide similar functionality to cryptoloop but do it via more efficient code and a better user interface.

Finally, the CryptoAPI provides a solid foundation for the development of future enhancements to the cryptographic capabilities of the Linux kernel, which brings it on a par with other operating systems in this area.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook

Post a comment