KMIP Operations Performance
The test environment for Key Management Interoperability Protocol (KMIP) operations performance includes a single virtual CipherTrust Manager instance and a multithreaded KMIP client. The users that performed these operations were local users operating in the root domain.
CipherTrust Manager k570 physical appliance
CPU - 1 CPU with 4 cores
Memory - 16 GB
Hard Drive - 2 TB
KMIP Client
CPUs - 4
Memory - 16 GB
Hard Drive - 400 GB
Sar utility from the Sysstat package used to collect system data
High Level Summary
| Operation | Client Used | KMIP Object | Rate Keys/Second | CM System Metrics during Operation | Notes | Duration in Seconds |
|---|---|---|---|---|---|---|
| Create Symmetric Keys | Cryptsoft | AES256 | 436 | CPU: 85%, Memory: 11 GB | 1 million keys created | 2294 |
| Create Asymmetric Keys | Cryptsoft | RSA2048 pair | 25 | CPU: 98%, Memory: 12 GB | 10K public and 10K private keys created | 401 |
| Get Random Keys | In-house | AES256 | 86 | CPU: 98%, Memory: 12 GB | 10K keys | 116 |
| Update Keys | In-house | AES256 | 78 | CPU: 97%, Memory: 12 GB | 10K keys | 129 |
| Encrypt and Decrypt Data | In-house | AES256 | 49 | CPU: 65%, Memory: 12 GB | 10K keys | 205 |
| MAC Keys | In-house | AES256 | 93 | CPU: 99%, Memory: 12 GB | 10K keys MAC operation | 108 |
| MAC Verify Keys | In-house | AES256 | 77 | CPU: 97%, Memory: 12 GB | 10K keys MAC verify | 130 |
| Delete Keys | In-house | AES256 | 80 | CPU: 99%, Memory: 12 GB | 10K keys | 125 |
Symmetric Key Creation
This test created 1 million AES 256 keys using a KMIP client with 100 threads. Data was collected at a 5 second interval.
This operation took 2294 seconds, with a creation rate of 436 keys per second.
Asymmetric Key Creation
This test created 10000 RSA2048 keys using a KMIP client with 100 threads. Data was collected at a 5 second interval.
This operation took 401 seconds, with a creation rate of 25 keys per second.
Random Key Get
This test retrieved 10000 AES256 keys using a KMIP client with 200 threads. Data was collected at a 5 second interval.
This operation took 116 seconds, with a retrieval rate of 86 keys per second.
Key Update
This test updated 10000 AES256 keys, adding a new attribute to the keys, name=x-MyAttribute value=value1. The test used a KMIP client with 200 threads. Data was collected at a 5 second interval.
This operation took 129 seconds, with an update rate of 78 keys per second.
Encrypt and Decrypt Data
This test encrypted and then decrypted the same 64 byte data with 10000 AES256 keys using a KMIP client with 200 threads. Data was collected at a 5 second interval.
This test took 205 seconds, with a rate of 49 keys performing encryption and decryption operations per second.
Note
This measurement demonstrates the threshold of encryption and decryption requests per second that can CipherTrust Manager can reliably process. Exceeding this rate can result in CipherTrust Manager dropping requests.
MAC Keys
This test MACed 10000 AES256 keys using a KMIP client with 200 threads. Data was collected at a 5 second interval.
This operation took 108 seconds, with a hash rate of 93 keys per second.
MAC Verify Keys
This test MAC verified 10000 AES256 keys using a KMIP client with 200 threads. Data was collected at a 5 second interval.
This operation took 130 seconds, with a hash verify rate of 77 keys per second.
Delete Keys
This test deleted 10000 AES256 keys using a KMIP client with 200 threads. Data was collected at a 5 second interval.
This operation took 125 seconds, with a deletion rate of 80 keys per second.
