How to install libkcapi on Ubuntu?

Install build dependencies like autotools and libtool, then run autoreconf -i, ./configure with options like --prefix=/usr, make, and sudo make install. Refer to the README for specific --enable flags to include tools like kcapi-enc.

Is libkcapi faster than OpenSSL for encryption?

Yes, libkcapi often outperforms OpenSSL for operations like AES encryption due to its zero-copy design and kernel-level processing. However, OpenSSL offers more features, so the choice depends on your need for speed versus functionality.

What kernel patches are needed for libkcapi DH support?

To enable Diffie-Hellman (DH) or ECDH with --enable-lib-kpp, apply patches from the kernel-patches directory to your Linux kernel. This is required because upstream kernels may lack these interfaces, as noted in the README.

Can I use libkcapi in a Docker container?

Yes, libkcapi can be used in Docker containers running Linux, but ensure the kernel has the required crypto API support and any necessary patches. Unprivileged access allows it to run without elevated privileges in containers.

How to integrate libkcapi into my C project without linking?

Copy specific source files like kcapi-sym.c and headers directly into your project, as described in the integration section. This avoids dynamic linking and minimizes dependencies, but requires compiling the code with your project.

Does libkcapi support SHA-3 hashing?

Yes, libkcapi supports SHA-3 via tools like sha3sum and the kcapi_md API, as mentioned in the applications list. It relies on the kernel's crypto API for implementation, ensuring compatibility with Linux distributions.

Is libkcapi good for embedded Linux systems?

Yes, its minimal dependencies and performance focus make it suitable for embedded Linux, especially in resource-constrained environments. However, kernel compatibility and patching requirements should be verified for your specific hardware.

Open-Awesome

libkcapi

NOASSERTIONCv1.5.0

A user-space library providing high-performance access to the Linux kernel crypto API via Netlink.

Visit Website GitHub

195 stars78 forks0 contributors

What is libkcapi?

libkcapi is a user-space interface library that provides access to the Linux kernel's cryptographic API via Netlink. It allows applications to perform cryptographic operations (e.g., encryption, hashing, random number generation) directly through the kernel, eliminating the need for user-space crypto implementations. The library focuses on high performance by avoiding memory copies and offering a simple API.

Target Audience

Linux developers and system programmers who need efficient, kernel-backed cryptographic operations in user-space applications, particularly those building security tools, utilities, or embedded systems.

Value Proposition

Developers choose libkcapi for its zero-copy design, which maximizes performance, and its direct integration with the Linux kernel crypto API, ensuring reliability and consistency. It also provides drop-in replacements for common tools like OpenSSL and coreutils, simplifying deployment.

Overview

Linux Kernel Crypto API User Space Interface Library

Use Cases

Best For

Building high-performance cryptographic applications on Linux
Replacing OpenSSL command-line tools with kernel-backed alternatives
Implementing kernel-based random number generation in user-space
Developing security utilities with minimal dependencies
Integrating cryptographic functions into embedded Linux systems
Creating lightweight CLI tools for hashing and encryption

Not Ideal For

Cross-platform projects targeting macOS, Windows, or other non-Linux operating systems
Applications requiring high-level cryptographic protocols like TLS/SSL or SSH built-in
Environments where applying kernel patches for asymmetric cipher support is not feasible
Teams needing extensive documentation, tutorials, or large community support for quick adoption

Pros & Cons

Pros

Kernel-Backed Performance

All cryptographic operations are processed by the Linux kernel, ensuring consistency and leveraging kernel-side optimizations, as highlighted in the README's focus on speed and kernel integration.

Zero-Copy Design

Uses scatter/gather lists to avoid memory copies during data processing, maximizing performance for cryptographic operations, which is a core philosophy stated in the README.

Minimal Dependencies

Only requires the C library and kernel, with no external dependencies, allowing easy integration or direct source copying into projects, as described in the integration section.

Drop-in Tool Replacements

Includes command-line tools like kcapi-enc and sha256sum that mimic coreutils and OpenSSL utilities, simplifying deployment for common tasks without additional software.

Cons

Linux-Exclusive Limitation

Tied specifically to the Linux kernel crypto API via Netlink, making it unusable on other operating systems like macOS or Windows, limiting portability.

Kernel Patch Complexity

Features like asymmetric ciphers require applying patches from the kernel-patches directory, adding setup overhead and maintenance challenges, as admitted in the README.

Limited High-Level Features

Focuses on low-level cryptographic operations (e.g., ciphers, hashes) and lacks built-in support for protocols like TLS or advanced abstractions found in libraries like OpenSSL.

API Stability Risks

With major version zero, the API is not considered stable and can change without warning, as per the versioning schema, potentially causing breaking changes for early adopters.

Open Source Alternative To

libkcapi is an open-source alternative to the following products:

coreutils

coreutils is a collection of GNU core utilities providing essential command-line tools like ls, cp, and cat for Unix-like systems.

OpenSSL

OpenSSL is a robust, full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, providing cryptographic libraries and command-line tools.

Frequently Asked Questions

Related Projects

OpenSSL

General purpose TLS and crypto library

Stars30,238

Forks11,285

Last commit2 days ago

xxHash

Extremely fast non-cryptographic hash algorithm

Stars11,047

Forks900

Last commit1 month ago

tiny-AES128-C

Small portable AES128/192/256 in C

Stars4,960

Forks1,388

Last commit1 year ago

s2n

An implementation of the TLS/SSL protocols

Stars4,728

Forks781

Last commit2 days ago

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub

libkcapi

NOASSERTIONCv1.5.0

A user-space library providing high-performance access to the Linux kernel crypto API via Netlink.

Visit Website GitHub

195 stars78 forks0 contributors

What is libkcapi?

Target Audience

Value Proposition

Overview

Linux Kernel Crypto API User Space Interface Library

Use Cases

Best For

Building high-performance cryptographic applications on Linux
Replacing OpenSSL command-line tools with kernel-backed alternatives
Implementing kernel-based random number generation in user-space
Developing security utilities with minimal dependencies
Integrating cryptographic functions into embedded Linux systems
Creating lightweight CLI tools for hashing and encryption

Not Ideal For

Cross-platform projects targeting macOS, Windows, or other non-Linux operating systems
Applications requiring high-level cryptographic protocols like TLS/SSL or SSH built-in
Environments where applying kernel patches for asymmetric cipher support is not feasible
Teams needing extensive documentation, tutorials, or large community support for quick adoption

Pros & Cons

Pros

Kernel-Backed Performance

All cryptographic operations are processed by the Linux kernel, ensuring consistency and leveraging kernel-side optimizations, as highlighted in the README's focus on speed and kernel integration.

Zero-Copy Design

Uses scatter/gather lists to avoid memory copies during data processing, maximizing performance for cryptographic operations, which is a core philosophy stated in the README.

Minimal Dependencies

Only requires the C library and kernel, with no external dependencies, allowing easy integration or direct source copying into projects, as described in the integration section.

Drop-in Tool Replacements

Includes command-line tools like kcapi-enc and sha256sum that mimic coreutils and OpenSSL utilities, simplifying deployment for common tasks without additional software.

Cons

Linux-Exclusive Limitation

Tied specifically to the Linux kernel crypto API via Netlink, making it unusable on other operating systems like macOS or Windows, limiting portability.

Kernel Patch Complexity

Features like asymmetric ciphers require applying patches from the kernel-patches directory, adding setup overhead and maintenance challenges, as admitted in the README.

Limited High-Level Features

Focuses on low-level cryptographic operations (e.g., ciphers, hashes) and lacks built-in support for protocols like TLS or advanced abstractions found in libraries like OpenSSL.

API Stability Risks

With major version zero, the API is not considered stable and can change without warning, as per the versioning schema, potentially causing breaking changes for early adopters.

Open Source Alternative To

libkcapi is an open-source alternative to the following products:

coreutils

coreutils is a collection of GNU core utilities providing essential command-line tools like ls, cp, and cat for Unix-like systems.

OpenSSL

OpenSSL is a robust, full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, providing cryptographic libraries and command-line tools.