I'd have to check the details, but I think the reason a symmetric key is generated for each message is that if one key is compromised (via brute force or whatnot) it cannot be used to decrypt other messages as well. So I believe this is actually a feature.
Hadrian On Jun 15, 2010, at 5:48 PM, Christian Müller wrote: > Hello list! > > Each time the marshal/unmarshal method of > 'org.apache.camel.dataformat.xmlsecurity.XMLSecurityDataFormat' [1] is > called, the key encryption key and the data encryption key (only for > marshaling) will be created. I think these 'java.security.Key' objects could > be generated once and reused by subsequent calls. I made a little test which > marshals a xml document 1000 times. Without caching of the keys, the test > needs 2200 ms. With caching, the test needs only 800 ms. What do you think? > > Christian
