> Some time ago (6 weeks or so) I did some performance measures (WSS4J has > timing logs build in) and we see here that Verification/Signature > is real time consuming, followed by public KEy encryption, followed > by symmetrical encryption....this ordering comes with no surprise. > > Only the real time consumed is quite high.
In our SAML authority, we've found it totally unscalable, and some of our contributors have been working with native code to bridge the JCE interface to OpenSSL. This is nice mostly because other hardware solutions based on PKCS11 don't get a lot of vendor support on anything but Windows and Solaris, and OpenSSL's engine layer does. JDK 1.5 has the PKCS11 support, but it doesn't do much good if you can't get the libcryptoki you need. The speeds up are dramatic, and pretty much suggest Java's unusable for this sort of thing, which is not a surprising conclusion to me. Note I'm talking about supporting many signatures a second. If you don't need that, Java's fine. -- Scott
