sigtest

Only supported in FIPS 140-2 Level 2 Security Worlds.
sigtest [options]

Measures module speed using RSA or DSA signatures or signature verifications. If skew or threshold checking is enabled (they are mutually exclusive), the average number of operations per second is recorded at TIME.

If skew checking is enabled, each subsequent operation must be within SKEW of the recorded average. If the condition is not met, the application terminates

If threshold checking is enabled, the average must stay above COUNT after checking starts. If the condition is not met, the application terminates.

Option Description

Program options

-d, --decrypt

Tests the decrypt operaton.

-F, --no-failover

Doesn’t failover if the loaded key becomes unusable.

-G, --logging

Attempts audit logging. For this to succeed, all specified modules must report audit logging as active.

-j, --outstanding-jobs=COUNT

Sets the maximum number of outstanding jobs.
Default: minimum number of hardservers recommended + 1.

-L, --longjobs

Sets the LongJobs flag in crypto commands.

-n, --jobs-count=COUNT

Sets the maximum number of jobs.
Default: infinite.

-s, --sign

Tests the sign operation (default).

-t, --stop-after=LENGTH

Sets the maximum time to run, in seconds.
Default: infinite.

-v, --verify

Tests the verify operation.

-x, --keyx

Tests the key exchange operaton.

Key options

-c, --curve=CURVENAME

Uses the curve named NAME.
Default: NISTP192.

-l, --key-size=BITS

Sets the key size (default 1024).

-M, --mechanism=MECH

Uses mechanism MECH.

-p, --plain-type=TYPE

Uses plaintext type TYPE (Bignum, Hash or Bytes). The mechanism and plaintext types must be compatible with the key type.

--pairwise-check

Sets PairwiseCheck in the key generation command.

-S, --key-type=TYPE

Selects the key type to use — RSA (default), DSA, KCDSA, or ECDSA

` --strong`

For RSA, uses strong (ANSI X9.31) primes. For DSA, uses the Strict flag.

Automatic checking options

-C, --check-start=TIME

Specifies when skew or threshold checking commences, in seconds, rounded up to nearest multiple of INTERVAL.
Default: 15.

-K, --skew-check=SKEW

Turns on skew checking.

-T, --min-check=COUNT

Turns on threshold checking.

Output options

--overprint

Prints the results all on one line, using \r rather than \n.

-o, --output=FILE

Sends the output to a named file as well as to stdout.

` -r, --report-interval=INTERVAL`

Sets the statistics reporting interval in seconds.
Default: 1.

Module selection

-m, --module=MODULE

Specifies the number ID to use.
If you only have one module, MODULE is 1.
If you do not specify a module ID, sigtest uses all modules by default.

Help options

-h, --help

Displays help for sigtest.

-u, --usage

Displays a brief usage summary for sigtest.

-V, --version

Displays the version number of the Security World Software that deploys sigtest.