[Opendnssec-develop] SoftHSM - Signing speed
roy at nominet.org.uk
Thu Dec 11 22:23:49 CET 2008
Jakob Schlyter wrote on 12/11/2008 09:15:13 PM:
> On 11 dec 2008, at 17.22, Rickard Bondesson wrote:
> > The SoftHSM can now produce 2200 sig/sec (RSA768) with the hsm-speed-
> > test:
> > ./hsm-speed -t 9 -s 1 -p apaapa123 -i 20000 081211153928020162
> > And RSA1024 gives 1700 sig/sec
> is 9 threads the optimum? on what platform? kuriputo (the lab box) has
> 4 cores.
A straightforward way of squeezing the last bit of juice out of hsm-speed
is to do several runs, as follows:
Increase iterations (-i) until it does not improve performance.
Then increase threads (-t) until it does not improve performance.
Lastly increase forks (-f) until it does not improve performance.
increasing iterations adds the least overhead. Threading adds a bit more
overhead, while forking adds the most overhead, per cryptographic
operation. (because iterations are per thread, threads are per forked
It is a poor man's solution but it worked well with the SCA6000s
Hope this helps,
More information about the Opendnssec-develop