Le 13/03/2013 20:06, Ewen Chan a écrit :
I'm asking about the '-engine aesni' flag because when I google
"openssl aes-ni" - that's what comes up.
I've never used it before, but I'm about to as I've recently aquired a
system that supports AES-NI.
I'm also asking because I'm about to encrypt a whole bunch of files
and some of them are quite large, so I want to have an idea if the
encryption job is going to be something that's going to be done in a
few minutes, a few hours, or a few days?
Define "quite large".
By disabling AES-NI detection on my laptop, I can encrypt files at about
225MB/s (1 GB in 4.5 seconds, AES-128-CBC). That's much faster than what
my SATA harddrive can do.
Disabling SSE* and MMX instructions allow the same machine to encrypt
data at about 82MB/s (1 GB in 13 seconds). Again, more than enough to
saturate my hard drive.
I was under the impression (based on the documentation and what I've
been able to find online on google) that you had to invoke the AES-NI
by using the '-engine' flag; but I guess from what you're saying, that
that's not true.
That's useless for "openssl enc".
That may be useful for "openssl speed" (as "-evp" may also be useful),
but it's a different goal.
And it can also depend on your hardware, your OpenSSL version, and
compilation flags.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
