[erlang-questions] crypto EVP transition

Maas-Maarten Zeeman mmzeeman@REDACTED
Sun Mar 29 11:06:21 CEST 2015


The OpenSSL API documentation mentions this about using the low-level implementations:

"Although low level algorithm specific functions exist for many algorithms their use is discouraged. They cannot be used with an ENGINE and ENGINE versions of new algorithms cannot be accessed using the low level functions. Also makes code harder to adapt to new algorithms and some options are not cleanly supported at the low level and some operations are more efficient using the high level interface."

and

"All the symmetric algorithms (ciphers), digests and asymmetric algorithms (public key algorithms) can be replaced by ENGINE modules providing alternative implementations. If ENGINE implementations of ciphers or digests are registered as defaults, then the various EVP functions will automatically use those implementations automatically in preference to built in software implementations. For more information, consult the engine(3) man page."

AES-NI for OpenSSL is an engine implementation; another example is VIA PadLock or specialized hardware boards.

By using the EVP "envelope" layer of OpenSSL you can use all available ciphers in OpenSSL and its engine implementations without adding new NIF functions.

To me that seems the most logical way to handle things.