Re: [Opensc-devel] Typical smartcard response times

[<J.W...@mi...>]

for linux, there is also something else you can do:
Do an strace of the complete command (exporting a certificate, or signing some data) and write the result to file.
Ofcourse this is far slower than when working normally, but can disclose “some unexpected” behavior.

I noticed that our proprietary middleware is re-reading its own configuration file several thousand times. Very time consuming.

From: Peter Popovec <pop...@gm...>
Sent: Monday, February 10, 2020 9:11 AM
To: OpenSC Development <ope...@li...>
Subject: Re: [Opensc-devel] Typical smartcard response times

Hi


There is a way to determine exact timing of all operations .. (linux):

1. using OPENSC_DEBUG=255 -> exact timing of APDUs
2. using tcpdump to sniff USB traffic from/to reader (modprobe usbmon, tcpdump -i usbmon1 ....  )
3. Oscilloscope on reader pins ..

questions:
- how many APDUs are exchanged between card/reader (for pkcs11-tool -O... ) ?
- average time for one APDU?
- is there some of APDUs who wants to prolong the working time ?
- algorithm in pkcs#11 library - is it efficient enough? i.e.  pkcs11 requests lot of operations / data transfers from card, even so result of these operations is not really needed.

And another reason that can lead to slowdown of card operations ..  is the card accessed from exact one application ? (for example chrome/firefox may poll the card ... this can lead to deselect card or even  card reset that lead to new PPS exchange etc..)

Peter




On Mon, Feb 10, 2020 at 8:30 AM Marian Ďurkovič <md...@bt...<mailto:md...@bt...>> wrote:
Hello,

thanks for the results, if I run "time pkcs11-tool -login -p ..... -O" with Slovak eID on MAC, I get:

Using slot 0 with a present token (0x1)
Private Key Object; RSA
  label:      Podpisovy kluc
  ID:         11
  Usage:      sign
  Access:     always authenticate, sensitive, always sensitive, never extractable, local
  Allowed mechanisms: RSA-PKCS
Certificate Object; type = X.509 cert
  label:      Certifikat k podpisovemu klucu
  subject:   .....
  ID:         11

real    0m25.794s  (!)
user    0m0.128s
sys    0m0.059s


Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.