ods-hsmspeed man page

ods-hsmspeed — OpenDNSSEC HSM speed tester


ods-hsmspeed [-c config] -r repository [-i iterations] [-s keysize] [-t threads]


The ods-hsmspeed utility is part of OpenDNSSEC and can be used to test the performance of the configured HSMs.

The components of OpenDNSSEC do not talk directly to the HSMs, but uses  an internal library called libhsm. It then talks to the HSMs using PKCS#11.  The libhsm simplifies the process of creating keys and signatures for the other components of OpenDNSSEC.

ods-hsmspeed will measure the speed by using the libhsm. The result that you  get is somewhat lower than what the manufactures promises, because the libhsm creates some overhead to the pure PKCS#11 environment.


-c config

Path to an OpenDNSSEC configuration file.

(defaults to /etc/opendnssec/conf.xml)

-i iterations

Specify the number of iterations for signing an RRset. A higher number of iterations will increase the performance.

(defaults to 1 iteration)

-r repository

The speed test will be performed on this repository.

-s keysize

A temporary RSA key with the given keysize will be used for signing.

(defaults to 1024 bit)

-t threads

The number of threads to use. Most HSMs will be utilized better with multiple threads.

(defaults to 1 thread)

See Also

ods-auditor(1), ods-control(8), ods-enforcerd(8), ods-hsmutil(1), ods-kaspcheck(1), ods-ksmutil(1), ods-signer(8), ods-signerd(8), ods-timing(5), opendnssec(7), http://www.opendnssec.org/


ods-hsmspeed was written by Jakob Schlyter and Nominet as part of the OpenDNSSEC project.

Referenced By

ods-control(8), ods-enforcerd(8), ods-getconf(8), ods-hsmutil(1), ods-kaspcheck(1), ods-ksmutil(1), ods-signer(8), ods-signerd(8), ods-timing(5), opendnssec(7).

February 2010 OpenDNSSEC ods-hsmspeed