The Linux kernel exports a Netlink interface of type AF_ALG to allow user space to utilize the kernel crypto API.

libkcapi uses this Netlink interface and exports easy to use APIs so that a developer does not need to consider the low-level Netlink interface handling.

The library does not implement any cipher algorithms. All consumer requests are sent to the kernel for processing. Results from the kernel crypto API are returned to the consumer via the library API.

The kernel interface and therefore this library can be used by unprivileged processes.

The focus during the development of this library is put on speed. This library does not perform any memcpy for processing the cryptographic data! The library uses scatter / gather lists to eliminate the need for moving data around in memory.

A public git repository is found at Github.

API Documentation

A full documentation is derived from the source code comments in kcapi-kernel-if.c.

See the README file enclosed in the source code for details on how to use the code.

See the TODO file enclosed in the source code for details on open items.

Historic Releases

For older releases, see the libkcapi historic page.

Subsections of libkcapi

libkcapi 1.5.0

libkcapi Source Code

libkcapi Source Code_Signature


  • move all sha* applications to the libexec directory to allow them to coexist with other packages sha* applications - the caller is expected to make a symlink to them

  • add sha3sum

  • add kcapi_md_sha3_* wrapper APIs

  • various small fixes