Login
- Table of Contents
-
- 10-Security Configuration Guide
- 00-Preface
- 01-AAA configuration
- 02-Password control configuration
- 03-Public key management configuration
- 04-PKI configuration
- 05-IPsec configuration
- 06-SSH configuration
- 07-IP source guard configuration
- 08-ARP attack protection configuration
- 09-uRPF configuration
- 10-SSL configuration
- 11-Crypto engine configuration
- 12-FIPS configuration
- 13-Portal configuration
- 14-MACsec configuration
- 15-Attack detection and prevention configuration
- 16-Object group configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 11-Crypto engine configuration | 57.46 KB |
Overview
Crypto engines encrypt and decrypt data for service modules. Crypto engines include the following types:
· Hardware crypto engines—A hardware crypto engine is a coprocessor integrated on a CPU or hardware crypto card. Hardware crypto engines can accelerate encryption/decryption speed, which improves device processing efficiency. You can enable or disable hardware crypto engines globally as needed.
· Software crypto engines—A software crypto engine is a set of software encryption algorithms. The device uses software crypto engines to encrypt and decrypt data for service modules. They are always enabled. You cannot enable or disable software crypto engines.
If you disable hardware crypto engines, the device uses only software crypto engines for data encryption/decryption. If you enable hardware crypto engines, the device preferentially uses hardware crypto engines. If the device does not support hardware crypto engines, or if the hardware crypto engines do not support the required encryption algorithm, the device uses software crypto engines for data encryption/decryption.
Crypto engines provide encryption/decryption services for service modules, for example, the IPsec module. When a service module requires data encryption/decryption, it sends the desired data to a crypto engine. After the crypto engine completes data encryption/decryption, it sends the data back to the service module.
The device supports only software crypto engines.
Displaying and maintaining crypto engines
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display information about crypto engines. |
display crypto-engine |
|
Display statistics for crypto engines (in standalone mode). |
display crypto-engine statistics [ engine-id engine-id slot slot-number [ cpu cpu-number ] ] |
|
Display statistics for crypto engines (in IRF mode). |
display crypto-engine statistics [ engine-id engine-id chassis chassis-number slot slot-number [ cpu cpu-number ] ] |
|
Clear statistics for crypto engines (in standalone mode). |
reset crypto-engine statistics [ engine-id engine-id slot slot-number [ cpu cpu-number ] ] |
|
Clear statistics for crypto engines (in IRF mode). |
reset crypto-engine statistics [ engine-id engine-id chassis chassis-number slot slot-number [ cpu cpu-number ] ] |
