On 07/30/2009 08:05 AM, Alexander Lamaison wrote:
I'm calling PEM_read_bio_RSAPrivateKey and PEM_read_bio_DSAPrivateKey
with private keys loaded from files on disk. I read the file into a
string, put that into a BIO and then call the function.
At the moment, I'm reading the entire key file into memory but, of
course, this isn't very safe. The user could accidentally specify a
huge file and this would try to read all of it into a string. What is
the maximum size of the RSA/DSA key files that OpenSSL can read? I
can just return an error if the file exceeds that. I've tried to find
a specification for the key files but not had much success.
Many thanks.
Alex Lamaison
--
http://swish.sourceforge.net
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Alex,
It would probably be a safe bet to say that stick with RSA between 1024
(US Govt will consider 1024 to be weak by the end of 2010) and 8192. As
the key size goes up the more horsepower you need. This is on my quad
9850...(2.6GHz x 4)
sign verify sign/s verify/s
rsa 1024 bits 0.001958s 0.000087s 510.8 11437.3
rsa 2048 bits 0.010719s 0.000276s 93.3 3617.8
rsa 4096 bits 0.066419s 0.000972s 15.1 1028.8
All done with: openssl speed rsaX, where X is 1024, 2048,4096.
DSA
sign verify sign/s
verify/s
dsa 1024 bits 0.000860s 0.001033s 1162.5 967.8
dsa 2048 bits 0.002696s 0.003171s 370.9 315.3
In my personal opinion.... RSA1024, 2048 are the only key sizes you
might want to accept for performance reasons for right now.... Unless
you can get ECC to work.:-P
Hope this helps...
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
