Menu
▾
▴
Re: [Opensc-devel] Typical smartcard response times
|
From: <J.W...@mi...> - 2020-02-10 15:29:25
|
Time pkcs11-tool –module (modulename) –O takes 6.6 seconds Time pkcs11-tool –module (modulename) –O –l –pin xxxxxx takes 8,7 seconds Internal readers (Alcor Mikro 9560) in some laptops ARE noticibly slower. From: Marian Ďurkovič <md...@bt...> Sent: Monday, February 10, 2020 3:46 PM To: OpenSC Development <ope...@li...> Subject: Re: [Opensc-devel] Typical smartcard response times Tested on Linux with the same HW and here it works much better: time pkcs11-tool -login -O real 0m6.766s user 0m0.064s sys 0m0.012s Time to complete PKCS#11 function only 72 msec (instead of 575 msec on MAC): 11: C_GetAttributeValue 2020-02-10 14:45:04.525 12: C_GetAttributeValue 2020-02-10 14:45:04.597 APDU times starting from 6 msec OK, so it looks like MAC-specific problem... Any debugging possibilities on MAC? Thanks & kind regards, MD On Mon, 10 Feb 2020 09:10:38 +0100, Peter Popovec wrote > Hi > > There is a way to determine exact timing of all operations .. (linux): > > 1. using OPENSC_DEBUG=255 -> exact timing of APDUs > > 2. using tcpdump to sniff USB traffic from/to reader (modprobe usbmon, tcpdump -i usbmon1 .... ) > > 3. Oscilloscope on reader pins .. > > questions: > - how many APDUs are exchanged between card/reader (for pkcs11-tool -O... ) ? > - average time for one APDU? > > - is there some of APDUs who wants to prolong the working time ? > - algorithm in pkcs#11 library - is it efficient enough? i.e. pkcs11 requests lot of operations / data transfers from card, even so result of these operations is not really needed. > > And another reason that can lead to slowdown of card operations .. is the card accessed from exact one application ? (for example chrome/firefox may poll the card ... this can lead to deselect card or even card reset that lead to new PPS exchange etc..) > > Peter > > > > > On Mon, Feb 10, 2020 at 8:30 AM Marian Ďurkovič <md...@bt...<mailto:md...@bt...>> wrote: > > > Hello, > > > thanks for the results, if I run "time pkcs11-tool -login -p ..... -O" with Slovak eID on MAC, I get: > > > Using slot 0 with a present token (0x1) > Private Key Object; RSA > label: Podpisovy kluc > ID: 11 > Usage: sign > Access: always authenticate, sensitive, always sensitive, never extractable, local > Allowed mechanisms: RSA-PKCS > Certificate Object; type = X.509 cert > label: Certifikat k podpisovemu klucu > subject: ..... > ID: 11 > > > > > real 0m25.794s (!) > user 0m0.128s > sys 0m0.059s > Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. |
