trustedjava-support

[Trustedjava-support] Performance?

[Till B. <ti...@on...>]

Hello,

I have a performance problem with the key generation process and I was
wondering if someone could help me. I create a new key and assign some
policies to it. This process takes between 25 and 50 or more seconds. I use
the following code:

---
TcIPolicy keyUsagePolicy = context.createPolicyObject(
TcTssConstants.TSS_POLICY_USAGE);
keyUsagePolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, KEY_SECRET);

TcIPolicy keyMigrationPolicy = context.createPolicyObject(
TcTssConstants.TSS_POLICY_MIGRATION);
keyMigrationPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN,
KEY_SECRET);

TcIRsaKey signingKey = context.createRsaKeyObject(
TcTssConstants.TSS_KEY_SIZE_2048 | TcTssConstants.TSS_KEY_TYPE_SIGNING
                | TcTssConstants.TSS_KEY_MIGRATABLE);

log.debug("Assigning Policies");     <--------------------------10:17:41,894

keyUsagePolicy.assignToObject(signingKey);
keyMigrationPolicy.assignToObject(signingKey);
signingKey.createKey(srk, null);
signingKey.loadKey(srk);

log.debug("Leaving method 'createSigningKey()'"); <---10:18:23,137
---

Next to the log.debug messages are timestamps.
I use jTssWrapper_0.3 with TouSerS 0.2.9.1

Thanks a lot.

-- 
MfG
  Till

**********************************************
      Der Benutzer ist eine nicht zu
  tolerierende Quelle der Unsicherheit
**********************************************

Re: [Trustedjava-support] Performance?

[Martin P. <Mar...@ia...>]

Hi...

Till Bentz wrote:
> I have a performance problem with the key generation process and I was
> wondering if someone could help me. I create a new key and assign some
> policies to it. This process takes between 25 and 50 or more seconds.

The TPM is not a crypto accelerator.
The TPM is designed to be manufactured cheaply.

However, actual TPM implementation varies from manufacturer to manufacturer.
Some TPMs precalculate new keys while idle and cache them, so when a
"create key" command arrives it is "fast". However, if the keycache is
empty and the TPM has to create a new 2048bit RSA key from scratch, on
a chip running only a few MHz.... well, it takes some time...

For comparison of TPM features see e.g.
  http://www.prosec.rub.de/tpmcompliance.html


HTH

-- 
Martin Pirker
IAIK, TU Graz

Re: [Trustedjava-support] Performance?

[Till B. <ti...@on...>]

Hi,

thanks for the quick reply. Would it be faster if I register the key after
creating and then load it if I need it instead of creating a new?

On 8/1/07, Martin Pirker <Mar...@ia...> wrote:
>
> Hi...
>
> Till Bentz wrote:
> > I have a performance problem with the key generation process and I was
> > wondering if someone could help me. I create a new key and assign some
> > policies to it. This process takes between 25 and 50 or more seconds.
>
> The TPM is not a crypto accelerator.
> The TPM is designed to be manufactured cheaply.
>
> However, actual TPM implementation varies from manufacturer to
> manufacturer.
> Some TPMs precalculate new keys while idle and cache them, so when a
> "create key" command arrives it is "fast". However, if the keycache is
> empty and the TPM has to create a new 2048bit RSA key from scratch, on
> a chip running only a few MHz.... well, it takes some time...
>
> For comparison of TPM features see e.g.
>   http://www.prosec.rub.de/tpmcompliance.html
>
>
> HTH
>
> --
> Martin Pirker
> IAIK, TU Graz
>
>


-- 
MfG
  Till

**********************************************
      Der Benutzer ist eine nicht zu
  tolerierende Quelle der Unsicherheit
**********************************************

Re: [Trustedjava-support] Performance?

[Saurabh A. <tan...@gm...>]

Hi Till


On 8/1/07, Till Bentz <ti...@on...> wrote:
> Hi,
>
> thanks for the quick reply. Would it be faster if I register the key after
> creating and then load it if I need it instead of creating a new?
>

of course and very much.
also I wud appreciate if you can try to load a registered key and tell
whether you encountered a problem( like i did) using wrapper and
trousers.

best
Saurabh

Re: [Trustedjava-support] Performance?

[Till B. <ti...@on...>]

On 8/1/07, Saurabh Arora <tan...@gm...> wrote:
>
> Hi Till
>
>
> On 8/1/07, Till Bentz <ti...@on...> wrote:
> > Hi,
> >
> > thanks for the quick reply. Would it be faster if I register the key
> after
> > creating and then load it if I need it instead of creating a new?
> >
>
> of course and very much.
> also I wud appreciate if you can try to load a registered key and tell
> whether you encountered a problem( like i did) using wrapper and
> trousers.


I now create a key, then register it and load it via the Uuid. It is much
faster and I did not encounter any problems so far.

best
> Saurabh
>



-- 
MfG
  Till

**********************************************
      Der Benutzer ist eine nicht zu
  tolerierende Quelle der Unsicherheit
**********************************************