Menu
▾
▴
Re: [Opensc-devel] Typical smartcard response times
|
From: <md...@bt...> - 2020-02-09 17:12:42
|
On Sun, 9 Feb 2020 15:33:36 +0100, Ludovic Rousseau wrote > Le dim. 9 févr. 2020 à 14:32, Pali Rohár <pal...@gm...> a > écrit : > > > > On Sunday 09 February 2020 13:53:46 Ludovic Rousseau wrote: > > > Le dim. 9 févr. 2020 à 10:25, Marian Ďurkovič <md...@bt...> a écrit : > > > > > Is this expected behaviour? What are typical response times for other smartcards? > > > > > > The speed depends on many factors. One of them is the speed between > > > the card and the reader. > > > Some cards are faster than others. > > > Some readers are faster than others. > > > > > > What is the ATR of your cards? > > > > Hello! > > > > In OpenSC project on github is already an open issue for Slovak eID > > cards: https://github.com/OpenSC/OpenSC/issues/208 > > > > There is also posted ATR of a card. > > ATR from the github issue is 3B DF 18 00 81 31 FE 58 00 31 B9 64 05 0E > 01 00 73 B4 01 D3 00 00 00 22 > https://smartcard-atr.apdu.fr/parse?ATR=3BDF18008131FE580031B964050E010073B401D300000022 > > So a TA1 of 0x18 > https://ludovicrousseau.blogspot.com/2016/04/atr-statistics-ta1-global- > encodes-fi.html Fi=372, Di=12, 31 cycles/ETU (129032 bits/s at 4.00 > MHz, 161290 bits/s for fMax=5 MHz) > > 129032 bits/s s not terribly fast. > The reader you use, Gemalto PC Twin Reader, can do dwMaxDataRate: > 344086 bps https://ccid.apdu.fr/ccid/readers/GemPCTwin.txt > > My next point is the card processing speed. Maybe the card OS and > application is slow. > > Or maybe OpenSC (and the official driver) is sub-optimal. > But that is a lot of work to work on that. Thanks for the info - yes, ATR is exactly as mentioned above. It's quite strange, since there is very little difference in response times for common functions regardless of result size: - C_GetAttributeValue for CKA_ID (i.e. just a few bytes) takes 571 msec - C_GetAttributeValue for CKA_VALUE (2048 bytes certificate) takes 580 msec - C_FindObjectsInit+C_FindObjects also takes 576 msec Any tips what to look for (on MAC)? The above is a serious problem with some applications - for example signing a document in Acrobat results in 2.5 minutes of waiting, since after C_Sign completes, Acrobat tries to verify the signature and pulls all 3 certificates from eID 6 times (once for each level in certification hierarchy). Perhaps I should try to modify pkcs11-spy.so into a caching library, serving repeated requests for static objects from memory cache and not from slow eID card... Thanks & kind regards, MD |
