openssl指令介绍
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac srp ts verify
version x509
Message Digest commands (see the `dgst' command for more details)
md4 md5 rmd160 sha
sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx rc2
rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb
rc2-ecb rc2-ofb rc4 rc4-40
seed seed-cbc seed-cfb seed-ecb
seed-ofb
测速指令格式
openssl speed 加密类型
测试aes-128-cbc的速度
测试指令
openssl speed aes-128-cbc
测试结果
# openssl speed aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 26464725 aes-128 cbc's in 2.96s
Doing aes-128 cbc for 3s on 64 size blocks: 7243226 aes-128 cbc's in 2.98s
Doing aes-128 cbc for 3s on 256 size blocks: 1875147 aes-128 cbc's in 2.98s
Doing aes-128 cbc for 3s on 1024 size blocks: 1013994 aes-128 cbc's in 2.98s
Doing aes-128 cbc for 3s on 8192 size blocks: 128938 aes-128 cbc's in 2.97s
OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 143052.57k 155559.22k 161086.45k 348432.84k 355643.13k
结果说明
如下对应的就是aes-128-cbc加密方式下每秒中的吞吐量
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 143052.57k 155559.22k 161086.45k 348432.84k 355643.13k
测试rsa的签名和校验能力
测试指令
openssl speed rsa
测试结果
# openssl speed rsa
Doing 512 bit private rsa's for 10s: 234118 512 bit private RSA's in 9.99s
Doing 512 bit public rsa's for 10s: 3190755 512 bit public RSA's in 9.99s
Doing 1024 bit private rsa's for 10s: 80508 1024 bit private RSA's in 10.00s
Doing 1024 bit public rsa's for 10s: 1208596 1024 bit public RSA's in 9.99s
Doing 2048 bit private rsa's for 10s: 16733 2048 bit private RSA's in 10.00s
Doing 2048 bit public rsa's for 10s: 374912 2048 bit public RSA's in 10.00s
Doing 4096 bit private rsa's for 10s: 1614 4096 bit private RSA's in 10.01s
Doing 4096 bit public rsa's for 10s: 104693 4096 bit public RSA's in 10.00s
OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
sign verify sign/s verify/s
rsa 512 bits 0.000043s 0.000003s 23435.2 319394.9
rsa 1024 bits 0.000124s 0.000008s 8050.8 120980.6
rsa 2048 bits 0.000598s 0.000027s 1673.3 37491.2
rsa 4096 bits 0.006202s 0.000096s 161.2 10469.3
结果说明
如下可以看到512/1024/2048/4096 bits下签名和校验能力,由此可以判断https的并发处理的能力
sign verify sign/s verify/s
rsa 512 bits 0.000043s 0.000003s 23435.2 319394.9
rsa 1024 bits 0.000124s 0.000008s 8050.8 120980.6
rsa 2048 bits 0.000598s 0.000027s 1673.3 37491.2
rsa 4096 bits 0.006202s 0.000096s 161.2 10469.3
测试所有加密类型
测试指令
openssl speed
测试结果
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 0.00 0.00 0.00 0.00 0.00
mdc2 0.00 0.00 0.00 0.00 0.00
md4 100421.22k 302518.29k 700925.53k 1046604.12k 1216995.33k
md5 72948.32k 206854.46k 455654.40k 643901.82k 707599.75k
hmac(md5) 59479.05k 177344.83k 406820.35k 625874.94k 730223.96k
sha1 85857.77k 245027.35k 569829.38k 877965.31k 1026086.23k
rmd160 45992.19k 112906.11k 204977.75k 254564.01k 276163.55k
rc4 445008.56k 738285.45k 882171.19k 933705.54k 928685.12k
des cbc 77301.84k 82210.39k 82795.43k 82614.20k 81996.71k
des ede3 30050.38k 30150.10k 30198.10k 30644.22k 30647.40k
idea cbc 0.00 0.00 0.00 0.00 0.00
seed cbc 86580.98k 87865.71k 87541.16k 87079.59k 87684.44k
rc2 cbc 57022.98k 57880.85k 58060.80k 58225.66k 58750.29k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 128000.89k 136095.25k 138081.62k 138582.02k 137028.32k
cast cbc 118859.83k 126366.35k 126680.58k 123610.84k 125329.41k
aes-128 cbc 145542.72k 159552.85k 164221.61k 358015.32k 361831.60k
aes-192 cbc 123465.79k 130579.11k 134398.38k 297171.97k 300878.51k
aes-256 cbc 106865.55k 114823.17k 115731.37k 263143.42k 264213.85k
camellia-128 cbc 110489.26k 168091.86k 188113.07k 196808.02k 204597.93k
camellia-192 cbc 92579.23k 131184.64k 146380.63k 151149.57k 154097.27k
camellia-256 cbc 97227.69k 133668.27k 146899.54k 152695.47k 154678.61k
sha256 80187.50k 179941.65k 337672.36k 433155.07k 468213.76k
sha512 55083.44k 223528.11k 383059.29k 571181.74k 671730.30k
whirlpool 35489.95k 75998.89k 126236.77k 148734.63k 156196.86k
aes-128 ige 143718.37k 152088.26k 153851.14k 150805.85k 151582.14k
aes-192 ige 125619.61k 130332.83k 128416.02k 128417.79k 130375.27k
aes-256 ige 101943.37k 108499.88k 111283.29k 111167.83k 112672.77k
ghash 1310146.84k 4756691.97k 6972468.82k 8424482.59k 8877252.61k
sign verify sign/s verify/s
rsa 512 bits 0.000045s 0.000003s 22021.7 307557.6
rsa 1024 bits 0.000126s 0.000008s 7946.1 126593.6
rsa 2048 bits 0.000567s 0.000026s 1765.0 38112.9
rsa 4096 bits 0.006013s 0.000092s 166.3 10919.1
sign verify sign/s verify/s
dsa 512 bits 0.000042s 0.000037s 23785.3 26901.3
dsa 1024 bits 0.000094s 0.000096s 10627.1 10454.2
dsa 2048 bits 0.000291s 0.000321s 3441.2 3113.8
sign verify sign/s verify/s
160 bit ecdsa (secp160r1) 0.0003s 0.0002s 3722.8 5573.4
192 bit ecdsa (nistp192) 0.0003s 0.0002s 3134.6 4667.6
224 bit ecdsa (nistp224) 0.0001s 0.0001s 12186.3 8429.1
256 bit ecdsa (nistp256) 0.0001s 0.0001s 15012.7 10425.8
384 bit ecdsa (nistp384) 0.0012s 0.0007s 803.3 1397.0
521 bit ecdsa (nistp521) 0.0004s 0.0006s 2491.2 1545.5
163 bit ecdsa (nistk163) 0.0014s 0.0004s 734.0 2623.1
233 bit ecdsa (nistk233) 0.0029s 0.0005s 345.6 2126.4
283 bit ecdsa (nistk283) 0.0046s 0.0009s 216.8 1155.9
409 bit ecdsa (nistk409) 0.0110s 0.0014s 91.2 692.7
571 bit ecdsa (nistk571) 0.0257s 0.0034s 38.9 293.6
163 bit ecdsa (nistb163) 0.0014s 0.0004s 713.3 2447.0
233 bit ecdsa (nistb233) 0.0030s 0.0005s 338.0 1861.7
283 bit ecdsa (nistb283) 0.0048s 0.0009s 208.1 1090.0
409 bit ecdsa (nistb409) 0.0112s 0.0016s 89.4 622.4
571 bit ecdsa (nistb571) 0.0270s 0.0039s 37.0 256.9
op op/s
160 bit ecdh (secp160r1) 0.0003s 3910.2
192 bit ecdh (nistp192) 0.0003s 3200.9
224 bit ecdh (nistp224) 0.0001s 12659.0
256 bit ecdh (nistp256) 0.0001s 15379.6
384 bit ecdh (nistp384) 0.0010s 954.7
521 bit ecdh (nistp521) 0.0004s 2397.4
163 bit ecdh (nistk163) 0.0002s 5846.4
233 bit ecdh (nistk233) 0.0002s 4477.3
283 bit ecdh (nistk283) 0.0004s 2416.6
409 bit ecdh (nistk409) 0.0007s 1478.3
571 bit ecdh (nistk571) 0.0016s 613.6
163 bit ecdh (nistb163) 0.0002s 5455.8
233 bit ecdh (nistb233) 0.0002s 4161.3
283 bit ecdh (nistb283) 0.0004s 2230.7
409 bit ecdh (nistb409) 0.0007s 1429.4
571 bit ecdh (nistb571) 0.0018s 566.8