Login
- Table of Contents
-
- 18-Security Configuration Guide
- 00-Preface
- 01-APR configuration
- 02-ARP attack protection configuration
- 03-ASPF configuration
- 04-FIPS configuration
- 05-Keychain configuration
- 06-mGRE configuration
- 07-ND attack defense configuration
- 08-PKI configuration
- 09-SSH configuration
- 10-SSL configuration
- 11-uRPF configuration
- 12-Session management
- 13-Public key management
- 14-Crypto engine configuration
- 15-IP-based attack prevention configuration
- 16-Security zone configuration
- 17-Security policy configuration
- 18-Object group configuration
- 19-Attack detection and prevention configuration
- 20-Connection limit configuration
- 21-Packet filter configuration
- 22-IP source guard configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 14-Crypto engine configuration | 47.03 KB |
Crypto engine processing mechanism
Verifying and maintaining crypto engines
Displaying crypto engine information
Displaying and clearing crypto engine statistics
Configuring crypto engines
About crypto engines
Crypto engines encrypt and decrypt data for service modules.
Crypto engine types
Crypto engines include the following types:
· Hardware crypto engines—A hardware crypto engine is a coprocessor integrated on a CPU or hardware crypto card. Hardware crypto engines can accelerate encryption/decryption speed, which improves device processing efficiency. You can enable or disable hardware crypto engines globally as needed. By default, hardware crypto engines are enabled.
· Software crypto engines—A software crypto engine is a set of software encryption algorithms. The device uses software crypto engines to encrypt and decrypt data for service modules. They are always enabled. You cannot enable or disable software crypto engines.
Crypto engine processing mechanism
Crypto engines provide encryption/decryption services for service modules, for example, the IPsec module. When a service module requires data encryption/decryption, it sends the desired data to a crypto engine. After the crypto engine completes data encryption/decryption, it sends the data back to the service module.
Verifying and maintaining crypto engines
Displaying crypto engine information
To display crypto engine information, execute the following command in any view:
display crypto-engine
Displaying and clearing crypto engine statistics
To display crypto engine statistics, execute the following command in any view:
display crypto-engine statistics [ engine-id engine-id slot slot-number ]
To clear crypto engine statistics, execute the following command in user view:
reset crypto-engine statistics [ engine-id engine-id slot slot-number ]
