durgaprasad jammula, thank you for your help, I do think T2000 (sun sparc
machine) has the hardware accelerator for RSA encryption, but I also test
the performance on an amd64 machine (dell optiplex 745, a desktop pc), I
think there should not be hardware accelerator in the dell amd64 machine,
but the RSA enc and dec performance on the amd 64 dell machine running
Solaris x64(100 times RSA enc and dec in 700ms) is also much higher than
the same machine running windows 2003 x86 (100 times RSA enc and dec in
1200ms without pkcs11 engine.
On 2/14/07, durgaprasad jammula <[EMAIL PROTECTED]> wrote:
PKCS11 is interface to hardware cryptographic accelators. If you use
PKCS11 engine, instead of software doing the encryption/decryption, hardware
does it. To use, PKCS11, you need to have cryptographic hardware accelator.
This comes by default with Sun Fire T2000.
If you encrypt the data with PKCS11 engine, you can decrypt it without
using PKCS11 engine.
I am not sure of hardware accelators for windows.. So, I dont know the
answer for your second question.
----- Original Message ----
From: AD D <[EMAIL PROTECTED]>
To: openssl-users@openssl.org
Sent: Wednesday, February 14, 2007 1:05:10 PM
Subject: RSA encryption and decryption performance difference between
pkcs11 engine and default engine on windows and solaris
Hi,
I use openssl RSA encrypt and decrypt both on windows 2003 and solaris
(amd64 and sparc T2000). I wrote some performance test code like
gettimeofday(&tpsbegin, NULL);
for (i = 0; i < 100; i++)
{
r = RSA_public_encrypt(245, plain_data, enc_data, key,
RSA_PKCS1_PADDING);
if (r <= 0)
{
err = ERR_peek_last_error();
printf("encrypt error %s\n",
ERR_reason_error_string(err));
break;
}
r = RSA_private_decrypt(r, enc_data, dec_data, key,
RSA_PKCS1_PADDING);
if (r <= 0)
{
err = ERR_peek_last_error();
printf("decrypt error %s\n",
ERR_reason_error_string(err));
break;
}
}
gettimeofday(&tpsend, NULL);
interval = (tpsend.tv_sec - tpsbegin.tv_sec) * 1000000;
interval += tpsend.tv_usec;
interval -= tpsbegin.tv_usec;
interval = interval / 1000;
printf("RSA enc and dec %d times %d\n", i, interval);
At first, I ran the code on windows, 100 times RSA encryption and
decryption wasted 1500ms, then I ran the code on Solaris (sparc t2000), it
wast 8000ms.
I googled that why Solaris RSA enc and dec is so slow and found that the
pkcs11 engine should be use to improve Solaris RSA performance.
I did use the pkcs11 engine
e = ENGINE_by_id("pkcs11");
if (e != NULL)
{
if (ENGINE_init(e) == 0)
{
printf("engine init failed\n");
}
if (ENGINE_set_default_RSA(e) == 0)//, ENGINE_METHOD_ALL) == 0)
{
printf("set engine failed\n");
}
ENGINE_finish(e);
ENGINE_free(e);
}
else
{
printf("finding engine failed\n");
}
Solaris (sparc t2000) 100 times RSA encryption and decryption wasted only
600ms, I also test the code on Solaris (amd64 3800+ dual core), 100 times
RSA encryption and decryption wasted about 700ms, the pkcs11 engine
extremely improve the RSA performance.
And now, I have 2 questions,
First 1, Whether the pkcs11 engine affect the encryption result? I mean
ff I encrypt the plain data by pkcs11 engine, can I decrypt them normally
without pkcs11 engine?
Sencond 1, pkcs11 engine is amazing on Solaris, I want to know how can I
imporove windows (I did not found pkcs11 engine on windows) RSA dec and enc
performance to pkcs11 level?
Thank you for your help.
------------------------------
Never Miss an Email
Stay connected with Yahoo! Mail on your mobile. Get
started!<http://us.rd.yahoo.com/evt=43909/*http://mobile.yahoo.com/services?promote=mail>
