AES-NI, symmetric key generation

Maricel Gregoraschko maricelgregoraschko at yahoo.com
Tue Mar 10 20:39:45 CET 2015 

Thanks Werner.On Windows, you mean on each drive letter, in the root directory? (e.g. c:\hwf.deny, d:\hwf.deny, etc.?).Also would there be a way to make gpg display which hardware features are being used when encrypting/decrypting (to confirm that the deny file was correctly placed and actually had an effect)? Thank you.
      From: Werner Koch <wk at gnupg.org>
 To: Andre Heinecke <aheinecke at intevation.de> 
Cc: gnupg-users at gnupg.org; Maricel Gregoraschko <maricelgregoraschko at yahoo.com> 
 Sent: Tuesday, March 10, 2015 10:58 AM
 Subject: Re: AES-NI, symmetric key generation
   
On Tue, 10 Mar 2015 10:05, aheinecke at intevation.de said:



>> Also is there any
>> option to turn hardware acceleration on or off at runtime? 

You can globally disable certain hardware features: Create a file

--8<---------------cut here---------------start------------->8---
# We do not want to use AES-NI
intel-aesni
--8<---------------cut here---------------end--------------->8---

and store it as /etc/gcrypt/hwf.deny . This should work also on Windows
if you copy that file to every drive.  The list of hardware
features in the current development version is:

    { HWF_PADLOCK_RNG, "padlock-rng" },
    { HWF_PADLOCK_AES, "padlock-aes" },
    { HWF_PADLOCK_SHA, "padlock-sha" },
    { HWF_PADLOCK_MMUL,"padlock-mmul"},
    { HWF_INTEL_CPU,  "intel-cpu" },
    { HWF_INTEL_BMI2,  "intel-bmi2" },
    { HWF_INTEL_SSSE3, "intel-ssse3" },
    { HWF_INTEL_PCLMUL,"intel-pclmul" },
    { HWF_INTEL_AESNI, "intel-aesni" },
    { HWF_INTEL_RDRAND,"intel-rdrand" },
    { HWF_INTEL_AVX,  "intel-avx" },
    { HWF_INTEL_AVX2,  "intel-avx2" },
    { HWF_ARM_NEON,    "arm-neon" }

Libgcrypt 1.6 has less features.

BTW, I just pushed a change for 2.1 to show the used Libgcrypt
configuration:

--8<---------------cut here---------------start------------->8---
$ gpg --list-gcrypt-config
version:1.6.3-beta12:
ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:idea:salsa20:gost28147:
pubkeys:dsa:elgamal:rsa:ecc:
digests:crc:gostr3411-94:md4:md5:rmd160:sha1:sha256:sha512:tiger:whirlpool:stribog:
rnd-mod:linux:
cpu-arch:x86:
mpi-asm:amd64/mpih-add1.S:amd64/mpih-sub1.S:amd64/mpih-mul1.S:amd64/mpih-mul2.S:amd64/mpih-mul3.S:amd64/mpih-lshift.S:amd64/mpih-rshift.S:
threads:none:
hwflist:intel-cpu:intel-ssse3:intel-pclmul:intel-aesni:intel-avx:
fips-mode:n:n:
rng-type:standard:1:
--8<---------------cut here---------------end--------------->8---


Shalom-Salam,

  Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150310/a23f1f8a/attachment.html>

More information about the Gnupg-users mailing list