Re: [Opensc-devel] Typical smartcard response times

[<md...@bt...>]

Hello,

thanks for the results, if I run "time pkcs11-tool -login -p ..... -O" with Slovak eID on MAC, I get:

Using slot 0 with a present token (0x1)
Private Key Object; RSA 
  label:      Podpisovy kluc
  ID:         11
  Usage:      sign
  Access:     always authenticate, sensitive, always sensitive, never extractable, local
  Allowed mechanisms: RSA-PKCS
Certificate Object; type = X.509 cert
  label:      Certifikat k podpisovemu klucu
  subject:   .....
  ID:         11

real    0m25.794s  (!)
user    0m0.128s
sys    0m0.059s

and function calls follow like this:

10: C_GetAttributeValue
2020-02-10 08:24:59.048

11: C_GetAttributeValue
2020-02-10 08:24:59.626

12: C_GetAttributeValue
2020-02-10 08:25:00.202

13: C_GetAttributeValue
2020-02-10 08:25:00.777

The same happens also with official eID pkcs11 library...

With kind regards,

MD

On Mon, 10 Feb 2020 07:53:51 +0100, Peter Popovec wrote

> Hi,
> 
> Response time depends on card/reader, communication speed (card-reader) is not really important .... example for two readers, two cards:
> 
> Readers used for tests:
> 
> This reader run at 4.8MHz
> 
> $ opensc-tool -l 
> # Detected readers (pcsc)
> Nr.  Card  Features  Name
> 0    Yes             Gemalto PC Twin Reader (031048A2) 00 00
> 
> This reader run at 3.7MHz 
> 
> $ opensc-tool -l
> # Detected readers (pcsc)
> Nr.  Card  Features  Name
> 0    No              Alcor Micro AU9560 00 00
> 
> It can be expected that gemalto reader will be faster than alcor ..  (in ratio 4.8:3.7)  but please check results below....
> 
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> ATR: 3B F5 96 00 00 81 31 FE 45 4D 79 45 49 44 14 
> 
> MyEID 4.0.1 at  250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
> 
> $ time pkcs11-tool -O
> Using slot 0 with a present token (0x0)
> Public Key Object; RSA 1024 bits
>   label:      1024
>   ID:         5ce20cc5323aae9fbc376c46e4b151bf63af049b
>   Usage:      encrypt, verify, wrap
>   Access:     none
> Public Key Object; EC  EC_POINT 256 bits
>   EC_POINT:   044104d9eefc471020c11fe2669e6fb53c64e8b77a1c0986a5006bced3a62348e4d0702faec486333e1bbd2cf4d9d6b04e74a6633f1fcafe74decea48ac2de58984059
>   EC_PARAMS:  06082a8648ce3d030107
>   label:      
>   ID:         ef5e53813f8cbafcc971fc4ad85824abce67f2da
>   Usage:      verify
>   Access:     none
> 
> // gemalto
> 
> real    0m2.490s
> user    0m0.008s
> sys     0m0.016s
> // alcor
> real    0m2.646s
> user    0m0.008s
> sys     0m0.012s
> 
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> ATR: 3B F5 18 00 02 10 80 4F 73 45 49 44 
> 
> OsEID card, 129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
> 
>  $time pkcs11-tool -O
> Using slot 0 with a present token (0x0)
> Public Key Object; RSA 1024 bits
>   label:      key_1024
>   ID:         64f282187ba98229e1112c50e1aeb03f962a116d
>   Usage:      encrypt, verify, wrap
>   Access:     none
> Public Key Object; EC  EC_POINT 256 bits
>   EC_POINT:   044104219708c09cba1c64b0b93c531cdd4f14f3a8771363b5f8400fce5b29f6d8672bd3b14a8f2ed72498d4fbc3129c3e49ea55f6e8f97bf0117b57963df045013d75
>   EC_PARAMS:  06082a8648ce3d030107
>   label:      Private Key
>   ID:         c49daee3660e5c513a8e1ed9270375afb888025a
>   Usage:      verify
>   Access:     none
> 
> //gemalto
> 
> real    0m1.837s
> user    0m0.012s
> sys     0m0.016s
> // alcor
> 
> real    0m1.992s
> user    0m0.016s
> sys     0m0.008s
> 
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> Another test, pkcs15-tool -D  (5 RSA keys on OsEID/MyEID 4.0.1) card took 1.9/2.8 sec... 
> 
> Peter
> 
> On Sun, Feb 9, 2020 at 10:25 AM Marian Ďurkovič <md...@bt...> wrote:
> Hi all,
> 
> during experiments with Slovak eID cards it became apparent, that every single operation takes > 500 msec.
> 
> When the eID is not inserted in USB reader, everything works quite fast:
> 
> time pkcs11-tool --module /Library/OpenSC/lib/pkcs11-spy.so -L
> Available slots:
> Slot 0 (0x0): Gemalto PC Twin Reader
>   (empty)
> 
> real    0m0.060s
> user    0m0.007s
> sys     0m0.009s
> 
> However, as soon as the eID is inserted, it changes significantly:
> 
> real    0m2.586s
> user    0m0.053s
> sys     0m0.046s
> 
> Spy library shows, that with inserted eID, every single operation (C_Initialize, C_GetSlotList, C_GetSlotInfo, C_GetTokenInfo) takes > 500 msec. The same happens with official drivers.
> 
> As a result, the whole procedure to e.g. pull a certificate from this eID takes about 7 seconds...
> 
> Is this expected behaviour? What are typical response times for other smartcards?
> 
> Thanks & kind regards,
> MD
> 
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>