author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-10-21 19:57:39 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-10-21 19:57:39 +0200 |
commit | 968e93d1c8b1f51d810e22b9243a2cb24d85137a (patch) | |
tree | 670f5d600f4a0c9644f4e616d480aeef93100985 /doc | |
parent | 6c9d650db4571d2b5fbf3586ae75c7faa92e494d (diff) | |
download | gnutls-968e93d1c8b1f51d810e22b9243a2cb24d85137a.tar.gz |
Mention key protection through isolation in crypto backend section
Diffstat (limited to 'doc')
-rw-r--r-- | doc/cha-internals.texi | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi index daf5f362d3..2fdf977a15 100644 --- a/doc/cha-internals.texi +++ b/doc/cha-internals.texi @@ -430,6 +430,7 @@ at some point in your program. @node Cryptographic Backend @section Cryptographic Backend + Today most new processors, either for embedded or desktop systems include either instructions intended to speed up cryptographic operations, or a co-processor with cryptographic capabilities. Taking advantage of @@ -509,3 +510,9 @@ Those registration functions will only replace the specified algorithm and leave the rest of subsystem intact. +@subheading Protecting keys through isolation + +For asymmetric or public keys, GnuTLS supports PKCS #11 which allows +operation without access to long term keys, in addition to CPU offloading. +For more information see @ref{Hardware security modules and abstract key types}. + |
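Review bot: The first hunk (@@ -430,6 +430,7 @@) only adds a blank line after "@section Cryptographic Backend", which is unrelated to the key-isolation text named in the commit message. Either drop this whitespace change or put it in a separate cleanup commit, so this one carries only the new subheading.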
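Review bot: The phrase "For asymmetric or public keys" in the new paragraph under "@subheading Protecting keys through isolation" (second hunk, @@ -509,3 +510,9 @@) does not say which key is being protected. The "long term keys" kept out of reach are presumably private keys, and the sentence also leaves open who operates "without access" to them. Suggest naming both, for example "For private keys, GnuTLS supports PKCS #11, which allows the application to operate without access to the long-term key material". Minor wording points in the same sentence: "long term keys" should read "long-term keys", and "which allows" needs a comma before it.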