Scott, Is this an open-source effort? (JCE Interface to OpenSSL)? i'd like to use it as well.
thanks, dims --- Scott Cantor <[EMAIL PROTECTED]> wrote: > > Some time ago (6 weeks or so) I did some performance measures (WSS4J has > > timing logs build in) and we see here that Verification/Signature > > is real time consuming, followed by public KEy encryption, followed > > by symmetrical encryption....this ordering comes with no surprise. > > > > Only the real time consumed is quite high. > > In our SAML authority, we've found it totally unscalable, and some of our > contributors have been working with native code to bridge the JCE interface > to OpenSSL. This is nice mostly because other hardware solutions based on > PKCS11 don't get a lot of vendor support on anything but Windows and > Solaris, and OpenSSL's engine layer does. JDK 1.5 has the PKCS11 support, > but it doesn't do much good if you can't get the libcryptoki you need. > > The speeds up are dramatic, and pretty much suggest Java's unusable for this > sort of thing, which is not a surprising conclusion to me. > > Note I'm talking about supporting many signatures a second. If you don't > need that, Java's fine. > > -- Scott > ===== Davanum Srinivas - http://webservices.apache.org/~dims/
