18 Bře
2025
18 Bře
'25
10:05
Hello!
In July 2024, in the Knot-DNS 3.3.8 release message, Daniel writes:
I would like to ask users with hardware HSMs to send us
the output of `keymgr <hsm_keystore_id> keystore-test`
This will allow us to update
https://www.knot-dns.cz/docs/latest/html/appendices.html#compatible-pkcs-11…
We're now running Knot 3.4.4 against a Thales HSM (I have no details of the
actual device/model in use at this time) and I see the following data:
$ keymgr -c etc/knot.conf thales keystore-bench
Keystore id 'thales', type PKCS #11, threads 1
Algorithm Sigs/sec
RSASHA256 33
ECDSAP256SHA256 27
ED25519 n/a
ED448 n/a
My first reaction was "hmm, that's slow".
Is there a list (above URL isn't it) of comparable results which I could show
the HSM operators and/or is anybody willing to share their data?
Thanks & regards,
-JP