Cryproc — CryptoAPI access through the /proc filesystem
Cryproc is module for the Linux 2.6 kernel which allows user space programs to access the kernel's cryptographic functions. When loaded, the module creates a file called "cryproc" in the /proc filesystem. Applications can open this file read-write and, using a special protocol described in the README, instruct the kernel to perform some of the functions the CryptoAPI provides. A sample application for performing this operation, cryproc-tool, is provided.
The CryptoAPI provides three categories of algorithms, also called transforms or tfm's: message digests, ciphers and compression (see "Compression" for a list of caveats associated with compression algorithms). Support for the routines used must be compiled into the kernel or available as a module in order for Cryproc to work. Unfortunately, there seems to be no easy way of finding out which algorithms are supported on a particular machine, other than looking at the kernel's config file. The file /proc/crypto lists only those tranforms, which are compiled-in or whose modules are already loaded into the kernel.
Using cryptographic functions supported by the kernel instead of user space programs may be advantageous to security, since a running kernel is usually harder to tamper with than regular user-space software or libraries.
Cryproc is distributed under the terms of GNU General Public License (GPL).