AES-NI, symmetric key generation
Werner Koch
wk at gnupg.org
Tue Mar 10 15:58:05 CET 2015
On Tue, 10 Mar 2015 10:05, aheinecke at intevation.de said:
>> Also is there any
>> option to turn hardware acceleration on or off at runtime?
You can globally disable certain hardware features: Create a file
--8<---------------cut here---------------start------------->8---
# We do not want to use AES-NI
intel-aesni
--8<---------------cut here---------------end--------------->8---
and store it as /etc/gcrypt/hwf.deny . This should work also on Windows
if you copy that file to every drive. The list of hardware
features in the current development version is:
{ HWF_PADLOCK_RNG, "padlock-rng" },
{ HWF_PADLOCK_AES, "padlock-aes" },
{ HWF_PADLOCK_SHA, "padlock-sha" },
{ HWF_PADLOCK_MMUL,"padlock-mmul"},
{ HWF_INTEL_CPU, "intel-cpu" },
{ HWF_INTEL_BMI2, "intel-bmi2" },
{ HWF_INTEL_SSSE3, "intel-ssse3" },
{ HWF_INTEL_PCLMUL,"intel-pclmul" },
{ HWF_INTEL_AESNI, "intel-aesni" },
{ HWF_INTEL_RDRAND,"intel-rdrand" },
{ HWF_INTEL_AVX, "intel-avx" },
{ HWF_INTEL_AVX2, "intel-avx2" },
{ HWF_ARM_NEON, "arm-neon" }
Libgcrypt 1.6 has less features.
BTW, I just pushed a change for 2.1 to show the used Libgcrypt
configuration:
--8<---------------cut here---------------start------------->8---
$ gpg --list-gcrypt-config
version:1.6.3-beta12:
ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:idea:salsa20:gost28147:
pubkeys:dsa:elgamal:rsa:ecc:
digests:crc:gostr3411-94:md4:md5:rmd160:sha1:sha256:sha512:tiger:whirlpool:stribog:
rnd-mod:linux:
cpu-arch:x86:
mpi-asm:amd64/mpih-add1.S:amd64/mpih-sub1.S:amd64/mpih-mul1.S:amd64/mpih-mul2.S:amd64/mpih-mul3.S:amd64/mpih-lshift.S:amd64/mpih-rshift.S:
threads:none:
hwflist:intel-cpu:intel-ssse3:intel-pclmul:intel-aesni:intel-avx:
fips-mode:n:n:
rng-type:standard:1:
--8<---------------cut here---------------end--------------->8---
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list