Hi:
2009/8/31 Dave Thompson <dave.thomp...@princetonpayments.com>: >> From: owner-openssl-us...@openssl.org On Behalf Of loody >> Sent: Friday, 28 August, 2009 04:15 > >> > the above mean aes-128 cbc will use 55113.2k bytes/second while >> > encrypting/decrypting 16btytes plain text? > > This build running on this machine doing aes-128-cbc operations > of 16 bytes each does 55113.2k bytes/second, yes. > >> BTW, does "type 16 bytes 64 bytes 256 bytes 1024 >> bytes 8192 bytes" means different length of plain text? > > Yes. > >> As far as I know, aes and des are symmetric encryption, so >> the unit of plaintext should as big as key. > > No, unpadded plaintext (and ciphertext) must be a MULTIPLE > of the DATA BLOCK size, not necessarily the key size. > Original "single" DES had both data=64bits and key=64bits > (but including parity, so the real key was 56bits), > but this is not a requirement in general. > "Triple-DES" (TDEA) has data=64 but key=really168 nominally192 > (or in the obsolete "two-key" option really112 nominally128). > AES has data=128 and key=128 OR 192 OR 256. > (Rijndael, the algorithm used for AES, can handle other data > and key sizes also, but only these sizes are standardized.) > > Note that there is some overhead for each operation, > so e.g. 1 encrypt of 16000 bytes is faster than > 1000 encrypts of 16 bytes each. That's why the aggregate > throughput increases for larger data chunks. > > In practice you usually use padding so that any plaintext > size is allowed, at the cost of making the ciphertext up to > one block bigger than the plaintext. (And for CBC and CTR > modes at least, you also need to transmit the IV somehow; > this is often done by just prepending it to the ciphertext, > making the ciphertext another block bigger.) However, these > functions aren't included in the 'speed' test since they > have negligible effect on performance. > > For *asymmetric* primitives (RSA, DSA, ECDSA) the data > is limited to (somewhat less than) (part of) the key size, > but you don't use asymmetric primitives directly on your data, > instead you use them to encrypt a (small fixed-size) key > for symmetric encryption, or sign a (small fixed-size) hash. Thanks Dave :) appreciate your help, miloody ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org