[openssl-users] RSA Key generation time

Frank Migge fm at frank4dd.com
Sat Jan 28 11:28:27 UTC 2017 

Hi Mithun,

 >> I have a embedded board P1010 RDB  running openssl on VXWORKS 5.4 .
 >> I am generating RSA 2048 and 3072 bit key pairs.
 >> I am providing entropy to openssl by using RAND_seed from a HW RNG.

 >> My average generation time for RSA 2048 key pair is 2 Minutes and 
  3072 is 8 minutes.

I noticed embedded board key generation times vary by OS and OpenSSL 
version after converting a Altera Atlas FPGA SoC HPS from original 2013 
Yocto Linux to latest Ubuntu. Under the old Yocto, key generation 
occasionally took up to 2 minutes. Same board under Ubuntu 16.04, 2048 
RSA keys take consistently 2-5 seconds, while 3072 keys need around 8-16 
seconds. Even running the system single core, the numbers don't change 
(on a low utilized system, using OS built-in /dev/urandom).

While I am on a different CPU and OS (32bit ARM v7  900Mhz dual core, 
1GB 400Mhz RAM), your e500 PowerPC can't be to far behind. Your numbers 
seem to be off by a magnitude. You mentioned using a external HW RNG, 
could that be it?

Cheers,
Frank
> Jakob Bohm <mailto:jb-openssl at wisemo.com>
> Wednesday, January 25, 2017 1:10 AM
> I'm afraid you will have to look at the OpenSSL source code, I haven't
> paid much attention to that CPU recently.
>
>
>
>
> Enjoy
>
> Jakob
> Mithun P <mailto:getmithunp at gmail.com>
> Monday, January 23, 2017 4:09 PM
> Hi Jakob,
>
> Can you please give me some reference/example of bignum optimization 
> which I can check on powerpc architectures.
> Is this any specific instruction set addition? or something more generic?
>
> Thanks & Regards
> Mithun
>
>
> Jakob Bohm <mailto:jb-openssl at wisemo.com>
> Wednesday, January 18, 2017 1:08 AM
>
> I believe this is a CPU intensive operation (if VxWorks can do
> this, try observing the CPU load during).
>
> Potential improvements:
>
> 1. Check if the CPU specific bignum optimizations for your CPU
>   variant have been enabled via the libcrypto CPU detection code
>   (for example, there are optimizations for different ARM cortex
>   variants).
> 2. Faster CPU (expensive obviously).
> 3. Do the generation in the background before the keypair is
>   needed, at a time when the extra CPU load is less of a problem.
>
>
> Enjoy
>
> Jakob
> Mithun P <mailto:getmithunp at gmail.com>
> Tuesday, January 17, 2017 3:44 PM
> Hi
>
> I have a embedded board P1010 RDB  running openssl on VXWORKS 5.4 .
> I am generating RSA 2048 and 3072 bit key pairs.
> I am providing entropy to openssl by using RAND_seed from a HW RNG.
>
> My average generation time for RSA 2048 key pair is 2 Minutes and 
>  3072 is 8 minutes.
> Is there a way to reduce the generation time?
>
> Regards
> Mithun
> <https://www.postbox-inc.com/?utm_source=email&utm_medium=siglink&utm_campaign=reach>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170128/3ad85d95/attachment.html>

More information about the openssl-users mailing list