signserver-develop Mailing List for SignServer (Page 9)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 2014-05-29 21:35, Antoine Louiset wrote:
> Hi Markus !
> 
> It works now. Thanks a lot, when the keys are already generated, the
> signatures are immediate.
> 
> The key generation is quite long and it seems that it depends to the
> number of keys present in the HSM. In the case of PKCS11Cryptotoken, the
> key generation is done by Cesecore.
> 
> Do you know if I could accelerate this process ? Do you know if keys are
> reload systematically just for generation ? Could the shared library
> responsible of that ?

I made a quick look through the code, see below some of the noteworthy
methods called. The only think I discovered that would cause the time to
increase with an increased number of keys is in
P11KeyStore.engineSetEntry where it iterates over existing keys to check
that the new key alias does not already exist. Not sure if this could be
the reason though. I could also have missed something.

---
cesecore.PKCS11CryptoToken.generateKeyPair(keySpec,alias)
  -> cesecore.KeyStoreTools.generateKeyPair(keySpec, alias);
    KeyPairGenerator.getInstance(algorithm, this.providerName)
    kpg.initialize(spec);
    -> generateKeyPair(kpg, keyEntryName, sigAlg);
      KeyPair keyPair = kpg.generateKeyPair()
      -> setKeyEntry(keyEntryName, keyPair.getPrivate(),chain);
        KeyStore.setKeyEntry(alias, key, null, chain);
           -> keyStoreSpi.engineSetKeyEntry(alias,key,password,chain);
            -> P11KeyStore.engineSetEntry(alias, entry, PasswordProt);
            Iterates over existing aliases.
            -> storePkey(alias, pke)
              -> storeChain(alias, X509Certificate[]);
---

Let me know if you make some more progress.

Cheers,
Markus

> 
> Thanks !
> 
> 
> Antoine
> 
> Le 29/04/2014 11:48, Antoine Louiset a écrit :
>> Call activation method of the cryptotoken
> 

-- 
Kind regards,
Markus Kilås
PKI Specialist

PrimeKey Solutions AB

Anderstorpsv. 16
171 54 Solna
Sweden

Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...

www.primekey.se

2008	Jan (1)	Feb (4)	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov (4)	Dec
2009	Jan (2)	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct (1)	Nov (4)	Dec
2010	Jan (1)	Feb	Mar	Apr (4)	May	Jun (1)	Jul	Aug	Sep	Oct	Nov	Dec
2011	Jan	Feb	Mar	Apr	May	Jun (1)	Jul (1)	Aug	Sep	Oct	Nov	Dec (3)
2012	Jan (1)	Feb (8)	Mar (10)	Apr	May (12)	Jun (2)	Jul (28)	Aug (15)	Sep (12)	Oct (2)	Nov	Dec (16)
2013	Jan (30)	Feb (1)	Mar	Apr (11)	May (2)	Jun (11)	Jul (15)	Aug (4)	Sep (1)	Oct (10)	Nov (1)	Dec (2)
2014	Jan (8)	Feb (13)	Mar (12)	Apr (24)	May (2)	Jun (1)	Jul (1)	Aug	Sep (2)	Oct (1)	Nov (2)	Dec (1)
2015	Jan (3)	Feb (6)	Mar	Apr	May (7)	Jun (7)	Jul (3)	Aug (5)	Sep (1)	Oct (8)	Nov (6)	Dec
2016	Jan	Feb (3)	Mar (5)	Apr (9)	May (26)	Jun (8)	Jul	Aug	Sep (11)	Oct (8)	Nov (1)	Dec (2)
2017	Jan (4)	Feb (7)	Mar (7)	Apr (4)	May (1)	Jun (5)	Jul (3)	Aug (3)	Sep (1)	Oct (4)	Nov (5)	Dec (1)
2018	Jan (4)	Feb (1)	Mar (1)	Apr (1)	May	Jun (1)	Jul	Aug	Sep	Oct	Nov	Dec
2019	Jan	Feb (1)	Mar (2)	Apr (1)	May	Jun	Jul	Aug	Sep (1)	Oct	Nov (2)	Dec
2020	Jan (3)	Feb	Mar (2)	Apr (3)	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2021	Jan	Feb	Mar	Apr (1)	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2022	Jan	Feb	Mar	Apr	May	Jun (2)	Jul	Aug	Sep (1)	Oct	Nov	Dec (1)
2023	Jan	Feb	Mar	Apr	May	Jun	Jul (1)	Aug	Sep	Oct	Nov	Dec (1)
2025	Jan	Feb (1)	Mar	Apr (1)	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec