[ https://issues.apache.org/jira/browse/MJARSIGNER-72?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Elliotte Rusty Harold updated MJARSIGNER-72: -------------------------------------------- Fix Version/s: 3.1.0 > Parallel signing for increased speed > ------------------------------------ > > Key: MJARSIGNER-72 > URL: https://issues.apache.org/jira/browse/MJARSIGNER-72 > Project: Maven Jar Signer Plugin > Issue Type: New Feature > Affects Versions: 3.0.0 > Reporter: Lennart Schedin > Priority: Minor > Labels: performance > Fix For: 3.1.0 > > > *Background:* > As of June 1 2023, a new industry standard mandates the storage of private > keys used for code signing on external hardware devices. Refer to > [https://knowledge.digicert.com/general-information/new-private-key-storage-requirement-for-standard-code-signing-certificates-november-2022] > for details. Various devices, from the Thales SafeNet USB eToken (about > $30), Yubico YubiHSM 2 FIPS (about €1000) up to Thales Luna S700 Series > (about €30000) can store these keys. Cloud-based HSM solutions (like DigiCert > KeyLocker ($90/year)) also exist. > > This ticket primarily targets HSM as a service but could benefit network > attached HSM solutions as well. > > *Problem:* > Using the {{jarsigner:sign}} goal it is possible to specify > {{{}archiveDirectory{}}}, that points to a directory with many jar files. > This is useful for signing every dependency the project has. > > Using the DigiCert Keylocker HSM as a service I measured that it took 240 > seconds to sign 128 jar files. I was in Sweden and the DigiCert Keylocker > service is in USA. The response time of server is about 500 to 700 ms > (without any login and without any signing). > > I created a quick parallel hack (using the Linux command parallel) that used > 8 threads and it took only 31 seconds. That is: for this specific HSM service > it scales linearly with the number of threads used. > > *To implement:* > I propose to implement a parallelization for maven-jarsigner-plugin that can > be used when signing many jar files at once. > > The configuration for this could be a new parameter named {{threadCount}} > (with user property {{{}jarsigner.threadCount{}}}) with default to 1 (no > parallelization). -- This message was sent by Atlassian Jira (v8.20.10#820010)