Hi
I'm on a steep learning curve from Solaris 10 to 11.4 on a SPARC T4 environment, so please bear with me as I haven't found an answer to this question!
I'm looking at AES 128 encryption tools, particularly for tape. I didn't need to use any on Solaris 10 so I'm leaning from a fresh 11.4 perspective.
I've learned from Oracle documentation that I can use encrypt and decrypt commands and pipe from tar etc when writing to tape. But I also learned form other internet sources this can be done with the openssl command, and is pretty common on Linux.
I can also sort of understand that OpenSSL included with Solaris 11.4 now has direct integrations with the T4 crypto hardware compared with earlier Solaris releases, so maybe it's now a case of both openssl and encrypt being effectively the same under the hood and using the same "engines"?
So really I'm looking for understand:
- Which should I chose for Solaris 11.4 going forward, openssl or encrypt command and why?
- Is encrypt just there for backward compatibility, and are now actually using the same Crypto framework?
- To me they both have very similar performance, but is one actually faster or advantageous over the other?
- I believe encrypt -a aes might be using a different AES compared to openssl enc -aes-128-cbc, so how can I ensure I am calling them the same way to test properly?
Thanks for your comments.