[Botan-devel] Key handling in Botan

Jack Lloyd lloyd at randombit.net
Fri Nov 20 03:45:26 EST 2009

On Fri, Nov 20, 2009 at 09:34:09AM +0100, Rickard Bellgrim wrote:
> > Definitely. With strong key checking (checking all primes, keypair
> > consistency, etc) loading a 2048-bit RSA key from a file takes about
> > 30 milliseconds (on my desktop). With most checking disabled (toggling
> > BOTAN_PRIVATE_KEY_STRONG_CHECKS_ON_LOAD in build.h) it goes to 5 ms.
> > Which is still perhaps substantial, since (after precomputations) a
> > RSA signature for a key that size takes about 5 ms on my machine.
> And I guess that the same thing applies to DSA, ECDSA, and GOST?


DSA, definitely. Though DSA may (or may not) be cheaper than RSA even
for the same key size simply due to entirely different checks being
performed. For instance to confirm keypair validity only a single
mod-exp is required.

Currently it appears the ECC algorithms have a no-op check_key() which
apparently is something inherited from the InSiTo code that I hadn't
noticed until now (the ECC code is in major need of some attention,
this being just another reminder of that). If implemented, check_key
for the ECC keys would probably be quite cheap - checking the prime
field (no more than 512 bits and typically 256) and a few mod-p
multiplications to ensure the points were valid.


More information about the botan-devel mailing list