Cryproc — CryptoAPI access through the /proc filesystem

Cryproc is module for the Linux 2.6 kernel which allows user space programs to access the kernel's cryptographic functions. When loaded, the module creates a file called "cryproc" in the /proc filesystem. Applications can open this file read-write and, using a special protocol described in the README, instruct the kernel to perform some of the functions the CryptoAPI provides. A sample application for performing this operation, cryproc-tool, is provided.

The CryptoAPI provides three categories of algorithms, also called transforms or tfm's: message digests, ciphers and compression (see "Compression" for a list of caveats associated with compression algorithms). Support for the routines used must be compiled into the kernel or available as a module in order for Cryproc to work. Unfortunately, there seems to be no easy way of finding out which algorithms are supported on a particular machine, other than looking at the kernel's config file. The file /proc/crypto lists only those tranforms, which are compiled-in or whose modules are already loaded into the kernel.

Using cryptographic functions supported by the kernel instead of user space programs may be advantageous to security, since a running kernel is usually harder to tamper with than regular user-space software or libraries.

Cryproc is distributed under the terms of GNU General Public License (GPL).

For more information, visit the Cryproc homepage (hosted by sourceforge).

From the homepage of Michał Kosmulski,
Unless indicated otherwise, all content © 2004-2018 Michał Kosmulski. All rights reserved.