Encrypting/decrypting large amounts of data in parallel using GnuPG with a HSM ?

Aleksander Adamowski gnupg at olo.org.pl
Thu Apr 29 14:57:33 CEST 2010


On Thu, Apr 29, 2010 at 12:58, Stefan Xenon <stefanxe at gmx.net> wrote:
> As you know OpenPGP relies on a combination of symmetric (e.g. AES) and
> asymmetric (e.g. RSA) encryption. GnuPG uses smart cards for
> *asymmetric* encryption only. Also AFAIK gnupg-pkcs11 does the same but
> uses a standardized interface (PKCS#11). The general approach is fine,
> protecting the secret keys in hardware and computing the intense
> operations on the main computer. In case of large amount of data, the
> *symmetric* encryption may be the bottleneck, instead of the
> *asymmetric* encryption. Therefore an array of several smart cards may
> not be the right approach.

I'd tend to disagree. When symmetric encryption becomes a bottleneck,
we can usually add more CPU cores to process more encryptions in
parallel.
Also, for small portions of data, this should not become a concern.
However, depending on a single SmartCard to realize asymmetric crypto
ops is a bottleneck which seems much harder to overcome.

> To me your question would make sense if the main computer is not capable
> to handle the symmetric encryption only. In current times of multi core
> CPUs I doubt that this may really be the case. Also you should consider
> that you have to start separate GnuPG instances for each file/user. This
> would scale very well on any multi core system no matter whether a single
> GnuPG process separates its workload to several threads or not (what I
> don't know).

I'm not talking about symmetric crypto, and, specifically, not about
PGP encryption at all, since it doesn't involve the private asymmetric
key.
I suppose that host-handled, purely software crypto is not a concern,
exactly for the reasons you have listed - it's quite easy to scale
that.

What I'm talking about is PGP *decryption* and *signing* (the
operations which have to involve the secret key) using a SmartCard or
HSM.

I want to have the private key securely stored in the hardware
(SmartCard or HSM), asymmetric crypto ops securely performed in the
hardware and I'm concerned with the hardware becoming a bottleneck.

I suspect that handling e.g. 50 PGP signatures and/or decryptions per
second may be too much for this kind of setup - am I right?

In such a case, I'd like to know what behaviour would gpg agent
exhibit under high load:
* will it queue the crypto requests?
* will these requests wait indefinitely if the queue grows faster than
it is processed or will they time out?
* is there a way to add more SmartCards with readers with the same
keypair loaded onto them, and load balance them?

As an alternative, I'd like to know whether anyone tried using
gnupg-pkcs11 and a HSM (like Thawte/nCipher/nShield or SafeNet Luna)
for handling large loads with GnuPG.


-- 
Best Regards,
  Aleksander Adamowski
  http://olo.org.pl


