AES-NI, symmetric key generation

Werner Koch wk at gnupg.org
Tue Mar 10 15:58:05 CET 2015


On Tue, 10 Mar 2015 10:05, aheinecke at intevation.de said:

>> Also is there any
>> option to turn hardware acceleration on or off at runtime? 

You can globally disable certain hardware features: Create a file

--8<---------------cut here---------------start------------->8---
# We do not want to use AES-NI
intel-aesni
--8<---------------cut here---------------end--------------->8---

and store it as /etc/gcrypt/hwf.deny . This should work also on Windows
if you copy that file to every drive.  The list of hardware
features in the current development version is:

    { HWF_PADLOCK_RNG, "padlock-rng" },
    { HWF_PADLOCK_AES, "padlock-aes" },
    { HWF_PADLOCK_SHA, "padlock-sha" },
    { HWF_PADLOCK_MMUL,"padlock-mmul"},
    { HWF_INTEL_CPU,   "intel-cpu" },
    { HWF_INTEL_BMI2,  "intel-bmi2" },
    { HWF_INTEL_SSSE3, "intel-ssse3" },
    { HWF_INTEL_PCLMUL,"intel-pclmul" },
    { HWF_INTEL_AESNI, "intel-aesni" },
    { HWF_INTEL_RDRAND,"intel-rdrand" },
    { HWF_INTEL_AVX,   "intel-avx" },
    { HWF_INTEL_AVX2,  "intel-avx2" },
    { HWF_ARM_NEON,    "arm-neon" }

Libgcrypt 1.6 has fewer features.

BTW, I just pushed a change for 2.1 to show the used Libgcrypt
configuration:

--8<---------------cut here---------------start------------->8---
$ gpg --list-gcrypt-config
version:1.6.3-beta12:
ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:idea:salsa20:gost28147:
pubkeys:dsa:elgamal:rsa:ecc:
digests:crc:gostr3411-94:md4:md5:rmd160:sha1:sha256:sha512:tiger:whirlpool:stribog:
rnd-mod:linux:
cpu-arch:x86:
mpi-asm:amd64/mpih-add1.S:amd64/mpih-sub1.S:amd64/mpih-mul1.S:amd64/mpih-mul2.S:amd64/mpih-mul3.S:amd64/mpih-lshift.S:amd64/mpih-rshift.S:
threads:none:
hwflist:intel-cpu:intel-ssse3:intel-pclmul:intel-aesni:intel-avx:
fips-mode:n:n:
rng-type:standard:1:
--8<---------------cut here---------------end--------------->8---


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
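
To confirm that a hwf.deny entry took effect, the hwflist line printed by `gpg --list-gcrypt-config` can be compared against the deny file. The script below is an added example, not part of the message above and not GnuPG or Libgcrypt code; the function names, temporary file names and the sample deny file (including its misspelled entry) are constructed, and the deny-file parsing rules are an assumption based on the sample shown in the message.

```shell
#!/bin/sh
# Feature names as listed in the message above.
KNOWN="padlock-rng padlock-aes padlock-sha padlock-mmul intel-cpu intel-bmi2
intel-ssse3 intel-pclmul intel-aesni intel-rdrand intel-avx intel-avx2 arm-neon"

# Names in a deny file, one per line. Assumption: '#' starts a comment line;
# blank lines and surrounding whitespace are ignored.
deny_names() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^#/d' -e '/^$/d' "$1"
}

# Active features from the colon-separated hwflist line, one per line.
active_features() {
    sed -n 's/^hwflist://p' "$1" | tr ':' '\n' | sed '/^$/d'
}

# Denied names that still appear as active ($1 = deny file, $2 = saved config).
denied_but_active() {
    deny_names "$1" | while read -r name; do
        if active_features "$2" | grep -Fxq -- "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Denied names that are not in KNOWN (for example a typo).
unknown_names() {
    deny_names "$1" | while read -r name; do
        if ! printf '%s\n' $KNOWN | grep -Fxq -- "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample input: a deny file with one misspelled name, and two
# lines of the configuration output quoted in the message.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/hwf.deny" <<'EOF'
# We do not want to use AES-NI
intel-aesni
  intel-rdrnd
EOF
cat > "$tmp/config.txt" <<'EOF'
version:1.6.3-beta12:
hwflist:intel-cpu:intel-ssse3:intel-pclmul:intel-aesni:intel-avx:
EOF

echo "denied but still active: $(denied_but_active "$tmp/hwf.deny" "$tmp/config.txt" | tr '\n' ' ')"
echo "not a known feature name: $(unknown_names "$tmp/hwf.deny" | tr '\n' ' ')"
```

On a real system, save the output of `gpg --list-gcrypt-config` to a file and pass it as the second argument together with /etc/gcrypt/hwf.deny as the first.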



