Change Details

tl;dr; As this is about performance I am only wishlisting this ticket. I can totally live with the results here. OCB is _really_ fast when encrypting. Which raised my expectations, but the signing time threw me off a bit as the disk IO went down by a lot also for other operations. So I wanted to document my tests at least. The notion to test this came from us bypassing gpgme callback based IO with tarballs, afterwards I had expected to see the operations to be mostly IO Bound but while testing GnuPG 2.4-master with a fast virtual disk I noticed that it was less IO Bound then I expected as contrary to previous tests on windows which I mostly did on slow disks I tried a fixed width VMDK with an NVMe controller and using Host IO Cache. This gives a throughput of about 1GB/s. I could test natively with ~5GB/s on Windows but I doubt it would change the general conclusions much. Windows Defender is turned off. 6 cores with full execution cap on a Ryzen 9 6900HX. I tried using fewer cores but that made the test results too variable. Remember this is 32 Bit windows as used in GnuPG Windows installer. Using gnupg-2.4-beta25 (10c937ee68cbf784942630115449f32cd82089fe) built with release settings for 32 bit Test data is: 4,97 GB (5.343.642.075 Bytes) split over 5 files. Timings are roughly the average of three runs. Io test / read write on the same disk > Measure-Command {mkdir 5gb2; xcopy /S .\5gb\ .\5gb2} > ~Seconds : 5.1 > Measure-Command {gpgtar --yes --skip-crypto --create -o 5gb.tar .\5gb\} > ~Seconds : 9 ^ nice 😍 I used the native Windows tar for comparison and it ended up in the same range, with some strange exception that overwriting a file took 25 seconds. > Measure-Command { gpg --yes -er ldata-test -o .\5g.tar.gpg .\5gb.tar } > (:aead encrypted packet: cipher=9 aead=2 cb=16) > ~Seconds : 9 ^ Awesome! 😍 But the default in Kleopatra is to sign and encrypt. And that ends up at: > Measure-Command { gpg --yes -su ldata-test -er ldata-test -o .\5g.tar.gpg .\5gb.tar } > :aead encrypted packet: cipher=9 aead=2 cb=16 > :onepass_sig packet: keyid 6FAF8982C209FFA8 > version 3, sigclass 0x00, digest 10, pubkey 22, last=1 > ~Seconds : 42 With the prefs from a 2.2 key, key is called cbc-test for further tests: > setpref S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1 > Measure-Command { gpg --yes -er cbc-test -o .\5g.tar.gpg .\5gb.tar } > ~Seconds : 85 With list packets this then only shows: (So is this really CBC?) > off=96 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb > :encrypted data packet: > length: unknown > mdc_method: 2 But adding signing here makes less difference: > Measure-Command { gpg --yes -su cbc-test -er cbc-test -o .\5g.tar.gpg .\5gb.tar } > ~Seconds : 105 > :encrypted data packet: > length: unknown > mdc_method: 2 > off=117 ctb=90 tag=4 hlen=2 plen=13 > :onepass_sig packet: keyid D6086C1E3CABA7FC > version 3, sigclass 0x00, digest 10, pubkey 22, last=1 Now for completeness decrypt: CBC Signed & Encrypted: 90 Seconds CBC Encrypted: 80 Seconds OCB Encrypted: 13 Seconds 🥰 OCB Signed & Encrypted: 40 Seconds Now if we could get everything down to the level of OCB Encrypted. :)

tl;dr; As this is about performance I am only wishlisting this ticket. I can totally live with the results here. OCB is _really_ fast when encrypting. Which raised my expectations, but the signing time threw me off a bit as the disk IO went down by a lot also for other operations. So I wanted to document my tests at least. The notion to test this came from us bypassing gpgme callback based IO with tarballs, afterwards I had expected to see the operations to be mostly IO Bound but while testing GnuPG 2.4-master with a fast virtual disk I noticed that it was less IO Bound then I expected as contrary to previous tests on windows which I mostly did on slow disks I tried a fixed width VMDK with an NVMe controller and using Host IO Cache. This gives a throughput of about 1GB/s. I could test natively with ~5GB/s on Windows but I doubt it would change the general conclusions much. Windows Defender is turned off. 6 cores with full execution cap on a Ryzen 9 6900HX. I tried using fewer cores but that made the test results too variable. Remember this is 32 Bit windows as used in GnuPG Windows installer. Using gnupg-2.4-beta25 (10c937ee68cbf784942630115449f32cd82089fe) built with release settings for 32 bit Test data is: 4,97 GB (5.343.642.075 Bytes) split over 5 files. Timings are roughly the average of three runs. Io test / read write on the same disk > Measure-Command {mkdir 5gb2; xcopy /S .\5gb\ .\5gb2} > ~Seconds : 5.1 > Measure-Command {gpgtar --yes --skip-crypto --create -o 5gb.tar .\5gb\} > ~Seconds : 9 ^ nice 😍 I used the native Windows tar for comparison and it ended up in the same range, with some strange exception that overwriting a file took 25 seconds. > Measure-Command { gpg --yes -er ldata-test -o .\5g.tar.gpg .\5gb.tar } > (:aead encrypted packet: cipher=9 aead=2 cb=16) > ~Seconds : 9 ^ Awesome! 😍 But the default in Kleopatra is to sign and encrypt. And that ends up at: > Measure-Command { gpg --yes -su ldata-test -er ldata-test -o .\5g.tar.gpg .\5gb.tar } > :aead encrypted packet: cipher=9 aead=2 cb=16 > :onepass_sig packet: keyid 6FAF8982C209FFA8 > version 3, sigclass 0x00, digest 10, pubkey 22, last=1 > ~Seconds : 42 With the prefs from a 2.2 key, key is called cbc-test for further tests: (later edit: This resulted in CFB + MDC) > setpref S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1 > Measure-Command { gpg --yes -er cbc-test -o .\5g.tar.gpg .\5gb.tar } > ~Seconds : 85 With list packets this then only shows: (So is this really CBC?) > off=96 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb > :encrypted data packet: > length: unknown > mdc_method: 2 But adding signing here makes less difference: > Measure-Command { gpg --yes -su cbc-test -er cbc-test -o .\5g.tar.gpg .\5gb.tar } > ~Seconds : 105 > :encrypted data packet: > length: unknown > mdc_method: 2 > off=117 ctb=90 tag=4 hlen=2 plen=13 > :onepass_sig packet: keyid D6086C1E3CABA7FC > version 3, sigclass 0x00, digest 10, pubkey 22, last=1 Now for completeness decrypt: CFB+MDC Signed & Encrypted: 90 Seconds CFB+MDC Encrypted: 80 Seconds OCB Encrypted: 13 Seconds 🥰 OCB Signed & Encrypted: 40 Seconds Now if we could get everything down to the level of OCB Encrypted. :)

tl;dr; As this is about performance I am only wishlisting this ticket. I can totally live with the results here. OCB is _really_ fast when encrypting. Which raised my expectations, but the signing time threw me off a bit as the disk IO went down by a lot also for other operations. So I wanted to document my tests at least. The notion to test this came from us bypassing gpgme callback based IO with tarballs, afterwards I had expected to see the operations to be mostly IO Bound but while testing GnuPG 2.4-master with a fast virtual disk I noticed that it was less IO Bound then I expected as contrary to previous tests on windows which I mostly did on slow disks I tried a fixed width VMDK with an NVMe controller and using Host IO Cache. This gives a throughput of about 1GB/s. I could test natively with ~5GB/s on Windows but I doubt it would change the general conclusions much. Windows Defender is turned off. 6 cores with full execution cap on a Ryzen 9 6900HX. I tried using fewer cores but that made the test results too variable. Remember this is 32 Bit windows as used in GnuPG Windows installer. Using gnupg-2.4-beta25 (10c937ee68cbf784942630115449f32cd82089fe) built with release settings for 32 bit Test data is: 4,97 GB (5.343.642.075 Bytes) split over 5 files. Timings are roughly the average of three runs. Io test / read write on the same disk > Measure-Command {mkdir 5gb2; xcopy /S .\5gb\ .\5gb2} > ~Seconds : 5.1 > Measure-Command {gpgtar --yes --skip-crypto --create -o 5gb.tar .\5gb\} > ~Seconds : 9 ^ nice 😍 I used the native Windows tar for comparison and it ended up in the same range, with some strange exception that overwriting a file took 25 seconds. > Measure-Command { gpg --yes -er ldata-test -o .\5g.tar.gpg .\5gb.tar } > (:aead encrypted packet: cipher=9 aead=2 cb=16) > ~Seconds : 9 ^ Awesome! 😍 But the default in Kleopatra is to sign and encrypt. And that ends up at: > Measure-Command { gpg --yes -su ldata-test -er ldata-test -o .\5g.tar.gpg .\5gb.tar } > :aead encrypted packet: cipher=9 aead=2 cb=16 > :onepass_sig packet: keyid 6FAF8982C209FFA8 > version 3, sigclass 0x00, digest 10, pubkey 22, last=1 > ~Seconds : 42 With the prefs from a 2.2 key, key is called cbc-test for further tests: (later edit: This resulted in CFB + MDC) > setpref S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1 > Measure-Command { gpg --yes -er cbc-test -o .\5g.tar.gpg .\5gb.tar } > ~Seconds : 85 With list packets this then only shows: (So is this really CBC?) > off=96 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb > :encrypted data packet: > length: unknown > mdc_method: 2 But adding signing here makes less difference: > Measure-Command { gpg --yes -su cbc-test -er cbc-test -o .\5g.tar.gpg .\5gb.tar } > ~Seconds : 105 > :encrypted data packet: > length: unknown > mdc_method: 2 > off=117 ctb=90 tag=4 hlen=2 plen=13 > :onepass_sig packet: keyid D6086C1E3CABA7FC > version 3, sigclass 0x00, digest 10, pubkey 22, last=1 Now for completeness decrypt: CBCCFB+MDC Signed & Encrypted: 90 Seconds CBCFB+MDC Encrypted: 80 Seconds OCB Encrypted: 13 Seconds 🥰 OCB Signed & Encrypted: 40 Seconds Now if we could get everything down to the level of OCB Encrypted. :)