PKCS11 is interface to hardware cryptographic accelators. If you use PKCS11
engine, instead of software doing the encryption/decryption, hardware does it.
To use, PKCS11, you need to have cryptographic hardware accelator. This comes
by default with Sun Fire T2000.
If you encrypt the data with PKCS11 engine, you can decrypt it without using
PKCS11 engine.
I am not sure of hardware accelators for windows.. So, I dont know the answer
for your second question.
----- Original Message ----
From: AD D <[EMAIL PROTECTED]>
To: openssl-users@openssl.org
Sent: Wednesday, February 14, 2007 1:05:10 PM
Subject: RSA encryption and decryption performance difference between pkcs11
engine and default engine on windows and solaris
Hi,
I use openssl RSA encrypt and decrypt both on windows 2003 and solaris
(amd64 and sparc T2000). I wrote some performance test code like
gettimeofday(&tpsbegin, NULL);
for (i = 0; i < 100; i++)
{
r = RSA_public_encrypt(245, plain_data, enc_data, key,
RSA_PKCS1_PADDING);
if (r <= 0)
{
err = ERR_peek_last_error();
printf("encrypt error %s\n", ERR_reason_error_string(err));
break;
}
r = RSA_private_decrypt(r, enc_data, dec_data, key,
RSA_PKCS1_PADDING);
if (r <= 0)
{
err = ERR_peek_last_error();
printf("decrypt error %s\n", ERR_reason_error_string(err));
break;
}
}
gettimeofday(&tpsend, NULL);
interval = (tpsend.tv_sec - tpsbegin.tv_sec) * 1000000;
interval += tpsend.tv_usec;
interval -= tpsbegin.tv_usec;
interval = interval / 1000;
printf("RSA enc and dec %d times %d\n", i, interval);
At first, I ran the code on windows, 100 times RSA encryption and decryption
wasted 1500ms, then I ran the code on Solaris (sparc t2000), it wast 8000ms.
I googled that why Solaris RSA enc and dec is so slow and found that the pkcs11
engine should be use to improve Solaris RSA performance.
I did use the pkcs11 engine
e = ENGINE_by_id("pkcs11");
if (e != NULL)
{
if (ENGINE_init(e) == 0)
{
printf("engine init failed\n");
}
if (ENGINE_set_default_RSA(e) == 0)//, ENGINE_METHOD_ALL) == 0)
{
printf("set engine failed\n");
}
ENGINE_finish(e);
ENGINE_free(e);
}
else
{
printf("finding engine failed\n");
}
Solaris (sparc t2000) 100 times RSA encryption and decryption wasted only
600ms, I also test the code on Solaris (amd64 3800+ dual core), 100 times
RSA encryption and decryption wasted about 700ms, the pkcs11 engine extremely
improve the RSA performance.
And now, I have 2 questions,
First 1, Whether the pkcs11 engine affect the encryption result? I mean ff I
encrypt the plain data by pkcs11 engine, can I decrypt them normally without
pkcs11 engine?
Sencond 1, pkcs11 engine is amazing on Solaris, I want to know how can I
imporove windows (I did not found pkcs11 engine on windows) RSA dec and enc
performance to pkcs11 level?
Thank you for your help.
____________________________________________________________________________________
Want to start your own business?
Learn how on Yahoo! Small Business.
http://smallbusiness.yahoo.com/r-index
