kptest

Only supported in FIPS 140-2 Level 2 Security Worlds.

kptest [options]

Tests the consistency of encryption and decryption, or of signature and verification, with the RSA and DSA algorithms.

If skew or threshold checking is enabled (they are mutually exclusive), the average number of operations per second is recorded at TIME.

If skew checking is enabled, each subsequent operation must be within SKEW of the recorded average. If the condition is not met, the application terminates

If threshold checking is enabled, the average must stay above COUNT after checking starts. If the condition is not met, the application terminates.

Option Description

Option	Description
Program options
`-e, --encrypt-decrypt`	Tests the encrypt and decrypt operations. Default: for RSA.
`-i, --plain-size=SIZE`	Uses plaintext of `SIZE` sized bits. Default: `160`.
`-k, --key-regenerate=CHECKS`	Regenerates the key for every `CHECKS` number of checks. Default: never.
`-L, --longjobs`	Sets the `LongJobs` flag in crypto commands.
`-n, --jobs-count=COUNT`	Sets the maximum number of jobs. Default: infinite.
`-s, --sign-verify`	Tests the sign and verify operations. Default: for DSA/KCDSA/ECDSA.
`-t, --stop-after=LENGTH`	Sets the maximum time to run, in seconds. Default: infinite.
Key options
`-c, --curve=CURVENAME`	Uses the curve named NAME. Default: `NISTP192`.
`-l, --key-size=BITS`	Sets the key size (default 1024).
`-M, --mechanism=MECH`	Uses mechanism MECH.
`-p, --plain-type=TYPE`	Uses plaintext type TYPE (Bignum, Hash or Bytes). The mechanism and plaintext types must be compatible with the key type.
`--pairwise-check`	Sets `PairwiseCheck` in the key generation command.
`-S, --key-type=TYPE`	Selects the key type to use — RSA (default), DSA, KCDSA, or ECDSA
` --strong`	For RSA, uses strong (ANSI X9.31) primes. For DSA, uses the `Strict` flag.
Automatic checking options
`-C, --check-start=TIME`	Specifies when skew or threshold checking commences, in seconds, rounded up to nearest multiple of INTERVAL. Default: `15`.
`-K, --skew-check=SKEW`	Turns on skew checking.
`-T, --min-check=COUNT`	Turns on threshold checking.
Output options
`--overprint`	Prints the results all on one line, using \r rather than \n.
`-o, --output=FILE`	Sends the output to a named file as well as to `stdout`.
` -r, --report-interval=INTERVAL`	Sets the statistics reporting interval in seconds. Default: `1`.
Module selection
`-m`, `--module=MODULE`	Specifies the number ID to use. If you only have one module, `MODULE` is `1`. If you do not specify a module ID, `kptest` uses all modules by default.
Help options
`-h`, `--help`	Displays help for `kptest`.
`-u`, `--usage`	Displays a brief usage summary for `kptest`.
`-v`, `--version`	Displays the version number of the Security World Software that deploys `kptest`.

Program options

-e, --encrypt-decrypt

Tests the encrypt and decrypt operations.
Default: for RSA.

-i, --plain-size=SIZE

Uses plaintext of SIZE sized bits. Default: 160.

-k, --key-regenerate=CHECKS

Regenerates the key for every CHECKS number of checks.
Default: never.

-L, --longjobs

Sets the LongJobs flag in crypto commands.

-n, --jobs-count=COUNT

Sets the maximum number of jobs.
Default: infinite.

-s, --sign-verify

Tests the sign and verify operations.
Default: for DSA/KCDSA/ECDSA.

-t, --stop-after=LENGTH

Sets the maximum time to run, in seconds.
Default: infinite.

Key options

-c, --curve=CURVENAME

Uses the curve named NAME.
Default: NISTP192.

-l, --key-size=BITS

Sets the key size (default 1024).

-M, --mechanism=MECH

Uses mechanism MECH.

-p, --plain-type=TYPE

Uses plaintext type TYPE (Bignum, Hash or Bytes). The mechanism and plaintext types must be compatible with the key type.

--pairwise-check

Sets PairwiseCheck in the key generation command.

-S, --key-type=TYPE

Selects the key type to use — RSA (default), DSA, KCDSA, or ECDSA

` --strong`

For RSA, uses strong (ANSI X9.31) primes. For DSA, uses the Strict flag.

Automatic checking options

-C, --check-start=TIME

Specifies when skew or threshold checking commences, in seconds, rounded up to nearest multiple of INTERVAL.
Default: 15.

-K, --skew-check=SKEW

Turns on skew checking.

-T, --min-check=COUNT

Turns on threshold checking.

Output options

--overprint

Prints the results all on one line, using \r rather than \n.

-o, --output=FILE

Sends the output to a named file as well as to stdout.

` -r, --report-interval=INTERVAL`

Sets the statistics reporting interval in seconds.
Default: 1.

Module selection

-m, --module=MODULE

Specifies the number ID to use.
If you only have one module, MODULE is 1.
If you do not specify a module ID, kptest uses all modules by default.

Help options

-h, --help

Displays help for kptest.

-u, --usage

Displays a brief usage summary for kptest.

-v, --version

Displays the version number of the Security World Software that deploys kptest.