Hi,
Knot doesn't access an HSM directly but through GnuTLS. You can simply try
keystore-bench with more
threads to see if it scales this way.
Daniel
On 3/18/25 11:00, Jan-Piet Mens wrote:
Keystore id
'thales', type PKCS #11, threads 1
Algorithm Sigs/sec
RSASHA256 33
ECDSAP256SHA256 27
The person in charge of the HSM reports that the HSM 'perfcheck' utility
reports these numbers using 1 queue, numbers similar to what Knot reports:
Results: Signing
Test number: 368
Test: RSA using RSApPKCS1 with 2048-bit n.
Queue: 1
Rate (signatures/s): 21.307
Min latency (ms): 21.229
Mean latency (ms): 46.945
Max latency (ms): 83.605
CV (%): 6.0730
Min rate (tps): 20.929
Mean rate (tps): 21.307
Max rate (tps): 21.888
Reps: 1920
with a higher number of queues, there's a drastic performance increase:
Test number: 368
Test: RSA using RSApPKCS1 with 2048-bit n.
Queue: 49
Rate (signatures/s): 433.26
Min latency (ms): 47.390
Mean latency (ms): 112.80
Max latency (ms): 169.07
CV (%): 10.313
Min rate (tps): 430.80
Mean rate (tps): 433.26
Max rate (tps): 436.91
Reps: 32088
and with "signing:ECDSA using ECDSAhSHA256 over NISTP256" they measure 548
signatures/s
Are these 'queues' something which Knot uses internally but which isn't
configurable?
-JP
--