libkcapi: First release of kernel crypto API userspace library

From: Stephan Mueller
Date: Sat Nov 08 2014 - 20:18:40 EST


The Linux kernel exports a Netlink interface of type AF_ALG to allow user
space to utilize the kernel crypto API.

libkcapi uses this Netlink interface and exports easy to use APIs so that
a developer does not need to consider the low-level Netlink interface
handling. Its first release is available at [1].

The library does not implement any cipher algorithms. All consumer requests
are sent to the kernel for processing. Results from the kernel crypto API
are returned to the consumer via the library API.

The kernel interface and therefore this library can be used by unprivileged
processes. As the library is small, it may even be included directly into a
consuming application instead of using it as a shared library.

The library together with the kernel allows the use of symmetric ciphers as
well as message digests and keyed message digests. Patches are prepared for
submission to LKML to allow AEAD ciphers and RNGs to be used from userspace.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at