Scroll to navigation

ods-hsmspeed(1) OpenDNSSEC ods-hsmspeed ods-hsmspeed(1)

NAME

ods-hsmspeed - OpenDNSSEC HSM speed tester

SYNOPSIS

ods-hsmspeed [-c config] -r repository [-i iterations] [-s keysize] [-t threads]

DESCRIPTION

The ods-hsmspeed utility is part of OpenDNSSEC and can be used to test the performance of the configured HSMs.

The components of OpenDNSSEC do not talk directly to the HSMs, but uses an internal library called libhsm. It then talks to the HSMs using PKCS#11. The libhsm simplifies the process of creating keys and signatures for the other components of OpenDNSSEC.

ods-hsmspeed will measure the speed by using the libhsm. The result that you get is somewhat lower than what the manufactures promises, because the libhsm creates some overhead to the pure PKCS#11 environment.

OPTIONS

Path to an OpenDNSSEC configuration file.

(defaults to /etc/opendnssec/conf.xml)

Specify the number of iterations for signing an RRset. A higher number of iterations will increase the performance.

(defaults to 1 iteration)

The speed test will be performed on this repository.
A temporary RSA key with the given keysize will be used for signing.

(defaults to 1024 bit)

The number of threads to use. Most HSMs will be utilized better with multiple threads.

(defaults to 1 thread)

SEE ALSO

ods-control(8), ods-enforcerd(8), ods-enforcer(8), ods-hsmutil(1), ods-kaspcheck(1), ods-signer(8), ods-signerd(8), ods-timing(5), ods-kasp(5), ods-hsmspeed(1), opendnssec(7), http://www.opendnssec.org/

AUTHORS

ods-hsmspeed was written by Jakob Schlyter and Nominet as part of the OpenDNSSEC project.

February 2010 OpenDNSSEC