Sun Crypto Accelerator 1000 Board Version 2.0 Installation and User's Guide Table Of ContentsPrevious ChapterNext ChapterBook Index


A P P E N D I X  B
Building OpenSSL Applications for Use With the Sun Crypto Accelerator 1000 Board

The Solaris 10 Operating System includes OpenSSL libraries. They are /usr/sfw/lib/libcrypto.so and /usr/sfw/lib/libssl.so for 32-bit applications and /usr/sfw/lib/sparcv9/libcrypto.so and /usr/sfw/lib/sparcv9/libssl.so for 64-bit applications. A PKCS#11 OpenSSL engine (with identifier pkcs11) is provided in libcrypto.so. This engine bridges OpenSSL applications and the Sun Crypto Accelerator 1000 through the PKCS#11 interface provided by the Solaris Cryptographic Framework.

OpenSSL applications should use the PKCS#11 engine through the standard OpenSSL engine interface. The OpenSSL engine interface, along with sample code, is documented in great detail on the OpenSSL web site http://www.openssl.org/docs/crypto/engine.html. To use the PKCS#11 engine, the applications are required to use libcrypto.so on Solaris 10.

The following command provides simple information on the PKCS#11 OpenSSL engine. 


% /usr/sfw/bin/openssl engine pkcs11

(pkcs11) PKCS #11 engine support

Another example is the OpenSSL speed program which is available also on Solaris 10 Operating System. The following is a sample usage of this program and its output. 


% /usr/sfw/bin/openssl speed -engine pkcs11 rsa1024

engine "pkcs11" set.

Doing 1024 bit private rsa's for 10s: 5246 1024 bit private RSA's in 0.13s

Doing 1024 bit public rsa's for 10s: 47666 1024 bit public RSA's in 0.90s

OpenSSL 0.9.7d 17 Mar 2004

built on: date not available

options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) 

compiler: information not available

available timing options: TIMES TIMEB HZ=100 [sysconf value]

timing function used: times

                  sign    verify    sign/s verify/s

rsa 1024 bits   0.0000s   0.0000s  40353.8  52962.2

This example tests RSA operations with 1024-bit keys and one process for 10 seconds. Note that for more accurate timing test, the user should use the -multi option of the OpenSSL speed program.

The user may check the Sun Crypto Accelerator 1000 usage by using the following command before and after running the OpenSSL speed program. 


% kstat -n dca0 | grep rsa



  Sun Crypto Accelerator 1000 Board Version 2.0 Installation and User's Guide 819-0425-11 Table Of ContentsPrevious ChapterNext ChapterBook Index


Copyright © 2005, Sun Microsystems, Inc. All Rights Reserved.