CentOS - Dec 2014 - Asymmetric encryption for very large tar file

On Fri, Dec 19, 2014 at 2:40 PM, Brian Mathis
<brian.mathis+centos at betteradmin.com> wrote:
>
>
> GPG is really what you want to be using for this.  OpenSSL is a general
> toolkit that provide a lot of good functions, but you need to cobble some
> things together yourself.  GPG is meant to handle all of the other parts of
> dealing with files.
>
> I will expand on what someone else mentioned -- asymmetric encryption is
> not meant for, and has very poor performance for encrypting data, and also
> has a lot of limitations.  The correct way to handle this is to create a
> symmetric key and use that to encrypt the data, then use asymmetric
> encryption to encrypt only the symmetric key.
>
> GPG takes care of this all internally, so that's what you should be
using.
>
Will GPG use the intel aes hardware acceleration - in the version
available for Centos5?

-- 
   Les Mikesell
      lesmikesell at gmail.com

On Fri, Dec 19, 2014 at 3:48 PM, Les Mikesell <lesmikesell at gmail.com>
wrote:
> On Fri, Dec 19, 2014 at 2:40 PM, Brian Mathis
> <brian.mathis+centos at betteradmin.com> wrote:
> >
> >
> > GPG is really what you want to be using for this.  OpenSSL is a
general
> > toolkit that provide a lot of good functions, but you need to cobble
some
> > things together yourself.  GPG is meant to handle all of the other
parts
> of
> > dealing with files.
> >
> > I will expand on what someone else mentioned -- asymmetric encryption
is
> > not meant for, and has very poor performance for encrypting data, and
> also
> > has a lot of limitations.  The correct way to handle this is to create
a
> > symmetric key and use that to encrypt the data, then use asymmetric
> > encryption to encrypt only the symmetric key.
> >
> > GPG takes care of this all internally, so that's what you should
be
> using.
> >
>
> Will GPG use the intel aes hardware acceleration - in the version
> available for Centos5?
>
> --
>    Les Mikesell
>

It doesn't appear to be available for any program running on CentOS 5.
    https://www.centos.org/forums/viewtopic.php?t=17713


? Brian Mathis
@orev

On 12/19/2014 1:22 PM, Brian Mathis wrote:
> It doesn't appear to be available for any program running on CentOS 5.
>      https://www.centos.org/forums/viewtopic.php?t=17713
that article is only talking about openssl...  openssh, gpg, and others 
use their own crypto implementations.

not centos/rhel specific, but..  Intel claims OpenSSL v1.0 has direct 
support, 0.9.8k+ has support via a patch.

-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast