Yap, the best thing you can do there is have a "cache" of the used keys.
----- Original Message ----- From: "Arshad Noor" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Thursday, March 23, 2006 2:45 PM Subject: Re: Improve performance of XML Signing > It appears that opening the keystore, authenticating to it, searching > for and retreiving the right certificate uses approximately 90% of your > signing operation time (790 out of 890ms). I'm not sure how much you > can reduce this since there are a lot of things going on in this > "keystore-init" operation (you can look at the Java source code if you > want to learn exactly what's going on). One option you have for > "speeding" this up is to amortize the keystore-init time over all your > signing operations. > > What does that mean? Setup your application to provide signing as a > service. Initialize the keystore and get the certificate as part of > the initialization of the service (so that it only happens once at the > start of the application or just for the first signing operation), and > then hold the reference to the signing key in memory. > > Now all signing operations do not need to go through the keystore-init > process (until the application service is restarted) thereby "amortizing > the cost of the keystore-init operation" across all signing operations". > While it has not reduced the actual time for the keystore-init, it has > reduced it significantly in the context of what it takes to perform a > 100, 1000 or 10,000 signing operations (the more signing ops, the lower > the cost). > > Arshad Noor > StrongAuth, Inc. > > Murugan Selvaraj wrote: > > Thanks for your reply.I again drilled down my code to identify where the > > bottle-necks are.I found that the following code takes 790 Millie > > seconds > > > > Init.init(); > > //Initializing key store > > KEYSTORE = "xml/keystore.jks"; > > KEYSTORETYPE = "JKS"; > > KEYSTOREPASS = "xmlsecurity"; > > KEYALIAS = "test"; > > CERTIFICATEALIAS = "test"; > > > > Does any one have any idea how to improve the performance in this area. > > > > Thanks > > Murugan > > > > -----Original Message----- > > From: Arshad Noor [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, March 22, 2006 6:25 PM > > To: [email protected] > > Subject: Re: Improve performance of XML Signing > > > > Murugan, > > > > Characterization requires that you know more than the total time taken > > for specific operations - you need to know how much of your time is > > spent waiting for I/O, CPU, locks, etc. so that you know where to > > optimize. Knowing that signing takes a total of 890ms still does not > > indicate where you can apply resources towards improving performance. > > You need to break it down further and then determine what you want to > > improve before deciding how to improve it. > > > > Arshad Noor > > StrongAuth, Inc. > > > > Murugan Selvaraj wrote: > > > >>Yes I have you characterized the performance of the end-to-end > >>transaction > >>to determine where your bottle-necks are.The bottle-necks are signing > >>the URI of the XML document that takes 890 milliseconds (We are not > >>even signing whole XML document)using enveloped sign.I just developed > >>one sample XML file .It is taking 890 milliseconds to sign the URI.Can > >>you now tell me how to improve the performance. > >> > >>I have attached the XML document and the code below. > >>XML: > >><?xml version="1.0" encoding="UTF-8" ?> > >> <DigitalWorkFlowPacket Id="new" > >>xmlns:tools="http://www.digitalBrIdge.net/DWF/Tools/1.0"; > >>xmlns:dwf="http://www.digitalBrIdge.net/DWF/1.0"; > >>xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > >>xmlns:j="http://www.it.ojp.gov/jxdm/3.0.2"; > >>xmlns:mc="http://home.icjis.maricopa.gov/icjisschemas/MC/1.0";> > >><Signatures> > >> <Signature linkName="main"> > >> <Reference type="uri"> > >> main > >> </Reference> > >> </Signature> > >></Signatures> > >> > >><div id="main"> > >>1 > >></div> > >> > >></DigitalWorkFlowPacket> > >> > >>CODE : > >> > >>KeyStore ks = KeyStore.getInstance(KEYSTORETYPE); > >> FileInputStream fis = new > >>FileInputStream(KEYSTORE); > >> ks.load(fis, KEYSTOREPASS.toCharArray()); > >> PrivateKey privateKey = > >>(PrivateKey)ks.getKey(KEYALIAS,KEYSTOREPASS.toCharArray()); > >> > >> XMLSignature xmlSig = new XMLSignature(doc,"", > >>XMLSignature.ALGO_ID_SIGNATURE_DSA); > >> org.w3c.dom.Element sigElement = > >>xmlSig.getElement(); > >> signAttachElement.appendChild(sigElement); > >> > >> Transforms transforms = new Transforms(doc); > >> > >>transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE); > >> > >>transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS); > >> > >> xmlSig.addDocument(strURISign,transforms, > >>Constants.ALGO_ID_DIGEST_SHA1); > >> X509Certificate cert = > >>(X509Certificate)ks.getCertificate(CERTIFICATEALIAS); > >> if (cert == null) > >> { > >> throw new Exception("X509 certificate not > >>found"); > >> } > >> xmlSig.addKeyInfo(cert); > >> xmlSig.addKeyInfo(cert.getPublicKey()); > >> //System.out.println("AFTER calling"); > >> xmlSig.sign(privateKey); > >> > >>-----Original Message----- > >>From: Arshad Noor [mailto:[EMAIL PROTECTED] > >>Sent: Wednesday, March 22, 2006 5:34 PM > >>To: [email protected] > >>Subject: Re: Improve performance of XML Signing > >> > >>Have you characterized the performance of the end-to-end transaction > >>to determine where your bottle-necks are? Without that you're > > > > shooting > > > >>in the dark - i.e. you could spend a lot of time optimizing components > >>of the process and still not a dent in the overall signing time. > >> > >>Arshad Noor > >>StrongAuth, Inc. > >> > >>Murugan Selvaraj wrote: > >> > >> > >>>Hi All, > >>> > >>> > >>> > >>>We are trying to improve the performance of the XML signing done using > >> > >> > >>>apache tool kit.Can any one help and guide me on improving the > >>>performance of the signing > >>> > >>> > >>> > >>>Help would be appreciated!!! > >>> > >>> > >>> > >>>Thanks > >>> > >>>Murugan > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >> > >> > >> > > > > >
