how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

Vjaceslavs Klimovs vklimovs at
Mon Sep 27 15:56:52 CEST 2010

On 27/09/10 11:12, David Smith wrote:
> Daniel Kahn Gillmor wrote:
>> On 09/24/2010 09:54 AM, David Shaw wrote:
>>> It won't work with the current generation of OpenPGP smartcards.  It also 
>>> will be dreadfully slow if you (or someone you are communicating with) ever
>>> uses the key on a small machine (think smart phone).  If you are usually on
>>> a "full power" computer, then they generally have the CPU to spare for this
>>> sort of thing, and you'll rarely if ever notice a difference.
>> i'm curious to see some quantitative data about what "dreadfully slow"
>> means.
> Not truly "quantitative, but I notice a significant difference between
> encrypting emails to people with 1024-bit keys vs people with 4096-bit
> keys.  I'd say that the difference is in the order 3-6 seconds.
> I'm running GnuPG 1.4.x on a Sun Ultra10 with a 500 MHz CPU and 1 GB
> RAM.  Yes, I know it's old.  :-)
> We're forced to use 4096-bit keys because some of our customers require it.

I did some quick tests on Nokia N900 (600 MHz ARM CPU), with gnupg
1.4.6, here is what I got:

Encrypting and signing, 2048 bit RSA keys:

real    0m 2.50s
user	0m 0.50s
sys	0m 0.02s

Decrypting and verifying, 2048 bit RSA keys:

real	0m 1.74s
user	0m 0.41s
sys	0m 0.04s

Encrypting and signing, 4096 bit RSA keys:

real    0m 3.58s
user	0m 1.92s
sys	0m 0.06s

Decrypting and veryfying, 4096 bit RSA keys:

real	0m 3.80s
user	0m 1.89s
sys	0m 0.03s

Is one second considered a rule of thumb limit? That would mean that
4096 keys are not suitable for widespread use yet.

More information about the Gnupg-users mailing list