> From: owner-openssl-us...@openssl.org On Behalf Of loody > Sent: Friday, 28 August, 2009 04:15
> > the above mean aes-128 cbc will use 55113.2k bytes/second while > > encrypting/decrypting 16btytes plain text? This build running on this machine doing aes-128-cbc operations of 16 bytes each does 55113.2k bytes/second, yes. > BTW, does "type 16 bytes 64 bytes 256 bytes 1024 > bytes 8192 bytes" means different length of plain text? Yes. > As far as I know, aes and des are symmetric encryption, so > the unit of plaintext should as big as key. No, unpadded plaintext (and ciphertext) must be a MULTIPLE of the DATA BLOCK size, not necessarily the key size. Original "single" DES had both data=64bits and key=64bits (but including parity, so the real key was 56bits), but this is not a requirement in general. "Triple-DES" (TDEA) has data=64 but key=really168 nominally192 (or in the obsolete "two-key" option really112 nominally128). AES has data=128 and key=128 OR 192 OR 256. (Rijndael, the algorithm used for AES, can handle other data and key sizes also, but only these sizes are standardized.) Note that there is some overhead for each operation, so e.g. 1 encrypt of 16000 bytes is faster than 1000 encrypts of 16 bytes each. That's why the aggregate throughput increases for larger data chunks. In practice you usually use padding so that any plaintext size is allowed, at the cost of making the ciphertext up to one block bigger than the plaintext. (And for CBC and CTR modes at least, you also need to transmit the IV somehow; this is often done by just prepending it to the ciphertext, making the ciphertext another block bigger.) However, these functions aren't included in the 'speed' test since they have negligible effect on performance. For *asymmetric* primitives (RSA, DSA, ECDSA) the data is limited to (somewhat less than) (part of) the key size, but you don't use asymmetric primitives directly on your data, instead you use them to encrypt a (small fixed-size) key for symmetric encryption, or sign a (small fixed-size) hash. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
