09-Security Configuration Guide

HomeSupportResource CenterSwitchesH3C S6300 Switch SeriesH3C S6300 Switch SeriesTechnical DocumentsConfigureConfiguration GuidesH3C S6300 Switch Series Configuration Guides-Release 243x-6W10009-Security Configuration Guide
15-Crypto engine configuration
Title Size Download
15-Crypto engine configuration 33.26 KB

Configuring crypto engines

Overview

Crypto engines encrypt and decrypt data for service modules. Crypto engines include the following types:

·           Hardware crypto engines—A hardware crypto engine is a coprocessor integrated on a CPU or hardware crypto card. Hardware crypto engines can accelerate encryption/decryption speed, which improves device processing efficiency. You can enable or disable hardware crypto engines globally as needed.

·           Software crypto engines—A software crypto engine is a set of software encryption algorithms. The device uses software crypto engines to encrypt and decrypt data for service modules. They are always enabled. You cannot enable or disable software crypto engines.

The switch supports only one software crypto engine.

The crypto engine provides encryption/decryption services for service modules, for example, the IPsec module. When a service module requires data encryption/decryption, it sends the desired data to the crypto engine. After the crypto engine completes data encryption/decryption, it sends the data back to the service module.

Displaying and maintaining crypto engines

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display information about crypto engines.

display crypto-engine

Display statistics for crypto engines.

display crypto-engine statistics [ engine-id engine-id slot slot-number ]

Clear statistics for crypto engines.

reset crypto-engine statistics [ engine-id engine-id slot slot-number ]