RSA signature verification in gpg-agent?

Werner Koch wk at gnupg.org
Sat Sep 26 00:00:48 CEST 2015


On Fri, 25 Sep 2015 05:41, dkg at fifthhorseman.net said:

> This seems sensible to me.  Given the performance characteristics of RSA
> and of hardware smartcards, i can't imagine that this imposes much of a
> performance cost either.

Definitely not a problem.  

Algorithm         generate  100*priv  100*public
------------------------------------------------
RSA 1024 bit          30ms      70ms         0ms
RSA 2048 bit          80ms     390ms        10ms
RSA 3072 bit        3490ms    1050ms        20ms
RSA 4096 bit        3590ms    2220ms        20ms

Thus for a 2k key the public key operation (verify) takes only 2% of the
secret key operation (signing).  Thus it is barely noticeable even if you
consider that the signing requires some random bytes.  For the way
slower smartcard signing the extra verify on the host does not have any
measurable effect.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-devel mailing list