Linux Tips & Tricks - Hardware Encryption Acceleration

Linux Tips & Tricks - Hardware Encryption Acceleration
Does I has it?

Many systems and CPU's have built in encryption acceleration hardware. To find out if your system includes such hardware and how fast it is, run the following commands and compare the output. If your system has working hw acceleration, the line with -evp in it will return higher rates.

$ openssl speed aes-256-cbc
$ openssl speed -evp aes-256-cbc

For example, here's the relevant portions of the above output from one of my systems.

type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256 cbc 68577.43k 72631.80k 73771.43k 74353.36k 74506.10k

type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 351297.11k 383059.63k 418126.17k 429977.26k 432078.85k

As you can see, the system is roughly 6 times faster with hw acceleration at processing 8k AES-256-CBC packets.

To just see what acceleration engines your system supports, type (with sample output):
# sort -u /proc/crypto | grep module
module : aesni_intel
module : aes_x86_64
module : crc32c_intel
module : crc32_pclmul
module : crct10dif_pclmul
module : kernel

To do a full encryption benchmark run on your system, type:
# openssl speed


#Linux   #Encryption