  1. EJBCA
  2. ECA-4105

Disable PKCS#11 hashing sign mechanism has negative performance impact

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not needed to fix
    • Affects Version/s: EJBCA 6.2.0
    • Fix Version/s: None
    • Component/s: PKI core
    • Labels:
      None
    • Environment:
      A2 2.2.0
    • Issue discovered during:
      Testing

      Description

      /opt/ejbca/dist/clientToolBox/ejbcaClientToolBox.sh PKCS11HSMKeyTool generate /opt/p11proxy/p11proxy.so 2048 stressKey 2 -password foo123
      /opt/ejbca/dist/clientToolBox/ejbcaClientToolBox.sh PKCS11HSMKeyTool test /opt/p11proxy/p11proxy.so i2 50 stressKey -password foo123

      Building clientToolBox with "pkcs11.disableHashingSignMechanisms=true" and running the above test:
      Total # of successfully performed tests: 7223
      Total # of failed tests: 0

      # of tests completed each second: 40.121315
      # of tests completed each second in last period: 40.0

      Building clientToolBox with "pkcs11.disableHashingSignMechanisms=false" and running the above test:

      # of tests completed each second: 79...

      So performance for RSA2048 is cut in half on this platform with the fix from ECA-3525.

      We should probably change the default to "true" and if possible, find a better solution on how to fix the initial reason for ECA-3525.

              People

              Assignee:
              lars Lars Silvén
              Reporter:
              johan Johan Eklund