Menu
▾
▴
Re: [SignServer-develop] HSM slow
|
From: Markus K. <ma...@pr...> - 2014-03-18 14:35:52
|
On 2014-03-18 14:10, Luis Maia wrote: > > Em 18/03/2014 09:10, "Markus Kilås" <ma...@pr... > <mailto:ma...@pr...>> escreveu: >> >> On 2014-03-18 09:32, Antoine Louiset wrote: >> > call the getKeystore() method because the private key changes for every >> > signing. > >> Yes, a quick look in the CESeCore code seems to show that after >> activation the keystore is cached. So I believe it is likely that >> upgrading to SignServer 3.5 would resolve this issue for you. > > I am not so sure that caching is a solution, because the keystore would > return the cached private key... In SignServer 3.5 (or if it was 3.4) we have the option to actually cache the PrivateKey instance which gives a different performance as compared to the normal way the getPrivateKey() method obtains the key (from the keystore) so I don't think the PrivateKey is completely cached only because the KeyStore is. Anyway, would it be a problem if the PrivateKey was cached? // Markus > > Maybe casting the pkcs11 provider to authprovider and calling the method > logout() will produce the desired result if the underlying > implementation honors the session invalidation (some pkcs11 middleware > is buggy). > > You won't need to instantiate a new keystore then. > -- Kind regards, Markus Kilås PKI Specialist PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
