ods-hsmspeed (1) - Linux Manuals

ods-hsmspeed: OpenDNSSEC HSM speed tester


ods-hsmspeed - OpenDNSSEC HSM speed tester


ods-hsmspeed [-c config] -r repository [-i iterations] [-s keysize] [-t threads]


The ods-hsmspeed utility is part of OpenDNSSEC and can be used to test the performance of the configured HSMs.

The components of OpenDNSSEC do not talk directly to the HSMs, but uses an internal library called libhsm. It then talks to the HSMs using PKCS#11. The libhsm simplifies the process of creating keys and signatures for the other components of OpenDNSSEC.

ods-hsmspeed will measure the speed by using the libhsm. The result that you get is somewhat lower than what the manufactures promises, because the libhsm creates some overhead to the pure PKCS#11 environment.


-c config
Path to an OpenDNSSEC configuration file.

(defaults to /etc/opendnssec/conf.xml)

-i iterations
Specify the number of iterations for signing an RRset. A higher number of iterations will increase the performance.

(defaults to 1 iteration)

-r repository
The speed test will be performed on this repository.
-s keysize
A temporary RSA key with the given keysize will be used for signing.

(defaults to 1024 bit)

-t threads
The number of threads to use. Most HSMs will be utilized better with multiple threads.

(defaults to 1 thread)


ods-hsmspeed was written by Jakob Schlyter and Nominet as part of the OpenDNSSEC project.