AES-NI + compression

Werner Koch wk at
Mon Nov 26 10:16:05 CET 2012

On Fri, 23 Nov 2012 00:35, chris.adamson at said:

> implementation. I also tested the effect of adding compression, which is
> important to me since I'm using gpg for backup. I took 895M of fairly
> compressible DICOM data in a tar file (bz2 compresses to 168M) and ran

Note that gpg may not always be able to auto-detect already compressed
files.  To be safe you should use "-z 0" to disable gpg's own
compression layer.

> My immediate questions: i386 AES-NI gives a 50% reduction when compared
> to the i386 software version, is this expected or should it be a greater
> reduction? I did see some x86_64 AES-NI patches released on the list,
> will these be put into a released version or backported?

GPG uses a quite complex internal pipepline to process the data, thus
improvements in Libgcrypt's AES code won't have a full effect on GPG's
encryption.  In particular OpenPGP'c use of the CFB mode does not allow
to parallelize the encryption operation.

Jussi's recent AES-NI improvements will go into the 1.6. version.  I
don't think that it makes sense to backport them.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gcrypt-devel mailing list