Nitrokey Pro: Indicative benchmark with surprising result. Why is decryption perf. higher than encryption perf.?

I have just benchmarked my Nitrokey Pro with a 1,7 GB file.

Results:

Encryption (done by the desktop CPU of course using the public key): 26 MB/s

Decryption (performed by the Nitrokey CPU I hope :wink:): 45 MB/s

This is a great decryption performance.

Why is the decryption performance significantly higher than the encryption performance even though I have a fast desktop computer?

My test environment:

  • Intel Core i7-3770 CPU @ 3.40GHz × 8 (Intel Ivybridge Desktop)
  • Ubuntu 14.04 64 Bit
  • 16 GB RAM
  • Samsung SSD 256 GB
  • USB 2 slot for Nitrokey

Most likely this is because of your software setup. Please share more details. Perhaps if you replace the Nitrokey with a software key, you get similar results?

I am using gpg (GnuPG) version 2.0.22.

A test with a newly generated key of the same length (4096 RSA) and encryption + decryption on the computer (without Nitrokey) resulted in comparable (asymmetric) results.

Even a test on a Macbook Pro on El Capitan showed almost the same results.

I cannot imagine that it is explainable by the enc/decryption algorithm, but rather by a software issue.

When I have (much) more time I will profile gpg with the perf tool of Linux to find the “bottleneck” during encryption.

BTW: The decryption speed of 45 MB/s using a USB 2.0 crypto stick “smells” like cheating since USB 2.0 can only transfer 480 MBits/s (about 60 MB/s raw speed but overhead reduces this).

If the Nitrokey were doing the complete decryption of a huge file, the file would be transferred to the Nitrokey, decrypted and transferred back again completely, which would allow only a max. decryption speed of 30 MB/s (ignoring the decryption overhead which is also significant).

The reason for measuring 45 MB/s is simple: Only the session key is decrypted by the Nitrokey, the file itself is decrypted by the local computer (not the Nitrokey).

This is not a security breach but in accordance with the OpenPGP specification (see tools.ietf.org/html/rfc4880)!
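
The split described in the last post is visible in the framing of an OpenPGP message. Added example, not part of the thread and not GnuPG code: a parser for RFC 4880 packet headers that compares the size of the public-key encrypted session key packet (tag 1), the only packet whose contents go to the token, with the bulk ciphertext packets (tags 9 and 18). `SAMPLE` is a constructed message with zero-filled bodies sized for one RSA-4096 recipient and 1 MiB of data.

```python
import struct

def _new_len(buf, i):
    """Decode one new-format length at buf[i]: (length, next_index, is_partial)."""
    o = buf[i]
    if o < 192:                                   # one-octet length
        return o, i + 1, False
    if o < 224:                                   # two-octet length
        return ((o - 192) << 8) + buf[i + 1] + 192, i + 2, False
    if o == 255:                                  # five-octet length
        return struct.unpack(">I", buf[i + 1:i + 5])[0], i + 5, False
    return 1 << (o & 0x1F), i + 1, True           # partial body length (224..254)

def packets(buf):
    """Yield (tag, body_length) for each packet of a binary OpenPGP message."""
    i = 0
    while i < len(buf):
        hdr = buf[i]
        if not hdr & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        i += 1
        if hdr & 0x40:                            # new-format header
            tag, total, partial = hdr & 0x3F, 0, True
            while partial:                        # partial chunks end with a definite length
                n, i, partial = _new_len(buf, i)
                total += n
                i += n
        else:                                     # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                        # indeterminate: runs to end of input
                total = len(buf) - i
            else:
                width = 1 << ltype                # 1, 2 or 4 length octets
                total = int.from_bytes(buf[i:i + width], "big")
                i += width
            i += total
        if i > len(buf):
            raise ValueError("truncated packet")
        yield tag, total

def token_share(buf):
    """Return (bytes in session-key packets, bytes of bulk ciphertext)."""
    sizes = list(packets(buf))
    return (sum(n for t, n in sizes if t == 1),
            sum(n for t, n in sizes if t in (9, 18)))

# Constructed sample: tag 1 (524-byte body), then tag 18 as partial chunk + final chunk.
SAMPLE = (bytes([0xC1, 193, 76]) + bytes(524) + bytes([0xD2, 243]) + bytes(1 << 19)
          + bytes([255]) + struct.pack(">I", 1 << 19) + bytes(1 << 19))
print(token_share(SAMPLE))
```

For a real file, export it in binary form (not ASCII-armored) and pass its bytes to `token_share`; the first number stays at a few hundred bytes per recipient regardless of file size.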