Login
- Table of Contents
-
- 16-Security Configuration Guide
- 00-Preface
- 01-ACL configuration
- 02-Time range configuration
- 03-User profile configuration
- 04-Password control configuration
- 05-Public key management
- 06-PKI configuration
- 07-IPsec configuration
- 08-SSH configuration
- 09-SSL configuration
- 10-SSL VPN configuration
- 11-Session management
- 12-Connection limit configuration
- 13-Attack detection and prevention configuration
- 14-ARP attack protection configuration
- 15-ND attack defense configuration
- 16-ASPF configuration
- 17-Protocol packet rate limit configuration
- 18-Crypto engine configuration
- 19-Security policy configuration
- 20-Object group configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 18-Crypto engine configuration | 44.18 KB |
Enabling the GM-capable hardware crypto engine for GM algorithms
Display and maintenance commands for crypto engines
Configuring crypto engines
About crypto engines
Crypto engines provide encryption/decryption services for service modules, for example, the IPsec module. When a service module requires data encryption/decryption, it sends the desired data to a crypto engine. After the crypto engine completes data encryption/decryption, it sends the data back to the service module.
Enabling the GM-capable hardware crypto engine for GM algorithms
About this task
By default, the device uses software crypto engines for data encryption/decryption by GM algorithms, including SM2, SM3, and SM4 algorithms. That is, the system uses its own software algorithms for data encryption/decryption. This consumes system resources and is less efficient. When the device is installed with the GM-capable hardware crypto engine, you can configure this feature to enable the hardware crypto engine for a specific GM algorithm. Then, data encryption/decryption by that GM algorithm will not consume system resources, which improves device processing efficiency.
Procedure
1. Enter system view.
system-view
2. Enable the GM-capable hardware crypto engine for GM algorithms.
crypto-engine accelerator enable gm-algorithm { sm2 | sm3 | sm4 }*
By default, the GM-capable hardware crypto engine is disabled for GM algorithms.
Display and maintenance commands for crypto engines
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display crypto engine information. |
display crypto-engine |
|
Display the enabling status of the GM-capable hardware crypto engine for GM algorithms. |
display crypto-engine accelerator gm-algorithm status |
|
Display crypto engine statistics. |
display crypto-engine statistics [ engine-id engine-id ] |
|
Clear crypto engine statistics. |
reset crypto-engine statistics [ engine-id engine-id ] |
