Crypto Notes
From Entuura
SMIME encryption:
openssl smime -in payload.bin.gz -outform der -out payload.der -encrypt -nocerts -inkey /etc/key/host.key -aes256 -binary /etc/certs/steve.first.ts-net.org.pem
DER is smallest:
-rw-r--r-- 1 root root 271007 Nov 8 10:36 payload.der -rw-r--r-- 1 root root 367182 Nov 8 10:34 payload.enc -rw-r--r-- 1 root root 367032 Nov 8 10:36 payload.pem
DER is uncompressible (as expected):
-rw-r--r-- 1 root root 271195 Nov 8 10:37 payload.der.gz
DECRYPTING:
openssl smime -decrypt -in payload.der -inform der -inkey host.key -out payload.gz
With two recipients:
-rw-r--r-- 1 root root 271289 Nov 8 10:43 payload.der
When gva tries to decrypt something for steve:
root@OpenWrt:~/csr$ openssl smime -decrypt -in payload.der -inform der -inkey host.key -out payload3.gz Error decrypting PKCS#7 structure 952:error:21070092:lib(33):func(112):reason(146):NA:0: 952:error:21072077:lib(33):func(114):reason(119):NA:0:
To dump a CSR:
openssl req -text -in host.csr
To sign a file:
openssl smime -sign -signer /etc/key/cert.pem -in payload.bin.gz -binary -inkey /etc/key/host.key -nodetach -outform der -out payload.bin.gz.signed
To check signature on a file:
openssl smime -verify -signer signer.pem -in payload.bin.gz.signed -inform der
-CAfile /etc/ca-cert.pem -out payload.bin.gz.aftersign
(Signer's cert ends up in signer.pem.)
Contents |
Benchmarks
An ASUS is faster than my laptop, when qemu is in software emulation mode!
My laptop
jra@nano:~$ cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 11 model name : Intel(R) Pentium(R) III Mobile CPU 1133MHz stepping : 1 cpu MHz : 731.500 cache size : 512 KB fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat pse36 mmx fxsr sse up bogomips : 1466.58 clflush size : 32
OpenWRT x86 running inside of qemu with kqemu
Doing aes-128 cbc for 3s on 16 size blocks: 3779263 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 64 size blocks: 1003121 aes-128 cbc's in 3.02s Doing aes-128 cbc for 3s on 256 size blocks: 254548 aes-128 cbc's in 3.02s Doing aes-128 cbc for 3s on 1024 size blocks: 63557 aes-128 cbc's in 3.01s Doing aes-128 cbc for 3s on 8192 size blocks: 7961 aes-128 cbc's in 3.01s Doing aes-192 cbc for 3s on 16 size blocks: 3259682 aes-192 cbc's in 3.01s Doing aes-192 cbc for 3s on 64 size blocks: 849262 aes-192 cbc's in 3.01s Doing aes-192 cbc for 3s on 256 size blocks: 214103 aes-192 cbc's in 3.01s Doing aes-192 cbc for 3s on 1024 size blocks: 53667 aes-192 cbc's in 3.01s Doing aes-192 cbc for 3s on 8192 size blocks: 6519 aes-192 cbc's in 3.02s Doing aes-256 cbc for 3s on 16 size blocks: 2941919 aes-256 cbc's in 3.01s Doing aes-256 cbc for 3s on 64 size blocks: 762053 aes-256 cbc's in 3.02s Doing aes-256 cbc for 3s on 256 size blocks: 193203 aes-256 cbc's in 3.02s Doing aes-256 cbc for 3s on 1024 size blocks: 48102 aes-256 cbc's in 3.02s Doing aes-256 cbc for 3s on 8192 size blocks: 5891 aes-256 cbc's in 3.01s OpenSSL 0.9.8e 23 Feb 2007 built on: Wed Nov 7 23:20:15 CET 2007 options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) compiler: i386-linux-uclibc-gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -I/home/jra/kamikaze/staging_dir/i386/usr/include -I/home/jra/kamikaze/staging_dir/i386/include -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_ERR -DTERMIO -O2 -pipe -march=i486 -funit-at-a-time -fhonour-copts -fomit-frame-pointer -Wall available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 20156.07k 21258.19k 21577.58k 21622.05k 21666.62k aes-192 cbc 17327.21k 18057.40k 18209.42k 18257.48k 17683.33k aes-256 cbc 15638.11k 16149.47k 16377.47k 16310.08k 16032.91k
OpenWRT x86 running inside of qemu without kqemu
Doing aes-128 cbc for 3s on 16 size blocks: 202206 aes-128 cbc's in 3.02s Doing aes-128 cbc for 3s on 64 size blocks: 54482 aes-128 cbc's in 3.02s Doing aes-128 cbc for 3s on 256 size blocks: 13974 aes-128 cbc's in 3.02s Doing aes-128 cbc for 3s on 1024 size blocks: 3325 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 8192 size blocks: 435 aes-128 cbc's in 3.01s Doing aes-192 cbc for 3s on 16 size blocks: 182108 aes-192 cbc's in 3.02s Doing aes-192 cbc for 3s on 64 size blocks: 48576 aes-192 cbc's in 3.02s Doing aes-192 cbc for 3s on 256 size blocks: 12408 aes-192 cbc's in 3.02s Doing aes-192 cbc for 3s on 1024 size blocks: 3117 aes-192 cbc's in 3.02s Doing aes-192 cbc for 3s on 8192 size blocks: 389 aes-192 cbc's in 3.01s Doing aes-256 cbc for 3s on 16 size blocks: 161082 aes-256 cbc's in 3.01s Doing aes-256 cbc for 3s on 64 size blocks: 43829 aes-256 cbc's in 3.02s Doing aes-256 cbc for 3s on 256 size blocks: 10871 aes-256 cbc's in 3.02s Doing aes-256 cbc for 3s on 1024 size blocks: 2832 aes-256 cbc's in 3.01s Doing aes-256 cbc for 3s on 8192 size blocks: 354 aes-256 cbc's in 3.00s OpenSSL 0.9.8e 23 Feb 2007 built on: Wed Nov 7 23:20:15 CET 2007 options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) compiler: i386-linux-uclibc-gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -I/home/jra/kamikaze/staging_dir/i386/usr/include -I/home/jra/kamikaze/staging_dir/i386/include -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_ERR -DTERMIO -O2 -pipe -march=i486 -funit-at-a-time -fhonour-copts -fomit-frame-pointer -Wall available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 1071.29k 1154.59k 1184.55k 1134.93k 1183.89k aes-192 cbc 964.81k 1029.43k 1051.80k 1056.89k 1058.70k aes-256 cbc 856.25k 928.83k 921.52k 963.44k 966.66k
On ASUS WL-500GP
- openssl speed aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 560899 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 64 size blocks: 145858 aes-128 cbc's in 3.01s Doing aes-128 cbc for 3s on 256 size blocks: 36919 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 1024 size blocks: 9254 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 8192 size blocks: 1154 aes-128 cbc's in 3.01s OpenSSL 0.9.8e 23 Feb 2007 built on: Thu Nov 15 21:35:48 CET 2007 options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) compiler: mipsel-linux-uclibc-gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -I/home/jra/openwrt/staging_dir/mipsel/usr/include -I/home/jra/openwrt/staging_dir/mipsel/include -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_ERR -DTERMIO -Os -pipe -mips32 -mtune=mips32 -funit-at-a-time -fhonour-copts -fomit-frame-pointer -Wall available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 2991.46k 3101.30k 3150.42k 3158.70k 3140.72k
My Laptop Native
jra@nano:~$ openssl speed aes-128-cbc Doing aes-128 cbc for 3s on 16 size blocks: 3229074 aes-128 cbc's in 2.74s Doing aes-128 cbc for 3s on 64 size blocks: 1547658 aes-128 cbc's in 2.91s Doing aes-128 cbc for 3s on 256 size blocks: 486944 aes-128 cbc's in 2.93s Doing aes-128 cbc for 3s on 1024 size blocks: 106872 aes-128 cbc's in 2.40s Doing aes-128 cbc for 3s on 8192 size blocks: 16213 aes-128 cbc's in 2.90s OpenSSL 0.9.8e 23 Feb 2007 built on: Mon Oct 22 13:17:36 UTC 2007 options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: gcc-4.1 -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -march=i686 -Wa,--noexecstack -g -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 18855.91k 34037.84k 42545.28k 45598.72k 45798.93k
