[Opendnssec-develop] SoftHSM - Signing speed

Roy Arends roy at nominet.org.uk
Thu Dec 11 21:23:49 UTC 2008

Jakob Schlyter wrote on 12/11/2008 09:15:13 PM:

> On 11 dec 2008, at 17.22, Rickard Bondesson wrote:
> > The SoftHSM can now produce 2200 sig/sec (RSA768) with the hsm-speed- 
> > test:
> >
> > ./hsm-speed -t 9 -s 1 -p apaapa123 -i 20000 081211153928020162
> >
> > And RSA1024 gives 1700 sig/sec
> is 9 threads the optimum? on what platform? kuriputo (the lab box) has 
> 4 cores.

Jakob, Rickard,

A straightforward way of squeezing the last bit of juice out of hsm-speed 
is to do several runs, as follows:

Increase iterations (-i) until it does not improve performance.
Then increase threads (-t) until it does not improve performance.
Lastly increase forks (-f) until it does not improve performance.

increasing iterations adds the least overhead. Threading adds a bit more 
overhead, while forking adds the most overhead, per cryptographic 
operation. (because iterations are per thread, threads are per forked 

It is a poor man's solution but it worked well with the SCA6000s

Hope this helps,


Roy Arends
Sr. Researcher
Nominet UK 

More information about the Opendnssec-develop mailing list