Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lookups of specific keys are too slow #680

Closed
nomis opened this issue Aug 14, 2022 · 1 comment · Fixed by #681
Closed

Lookups of specific keys are too slow #680

nomis opened this issue Aug 14, 2022 · 1 comment · Fixed by #681

Comments

@nomis
Copy link
Contributor

nomis commented Aug 14, 2022

The OpenDNSSEC ods-hsmutil list command is extremely slow.

First it does a lookup of all private keys using C_FindObjects* which takes 2-3 seconds because there are over 300 of them.

Then it does a lookup of the public key corresponding to each private key using C_FindObjects* which takes 2-3 seconds per key because it goes through all of the keys again.

There doesn't appear to be a better PKCS#11 API for doing this so HSMs must be expected to have faster lookup processes, at least when a specific key ID is provided.

The list command can be improved but key access shouldn't take 2+ seconds.
@nomis
Copy link
Contributor Author

nomis commented Aug 14, 2022

For normal key access it will take 4-5 seconds because it does a lookup by ID for the private key and then for the public key.

@nomis nomis mentioned this issue Aug 14, 2022
Open
@nomis nomis mentioned this issue Aug 16, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix severe peformance issue accessing keys nomis/SoftHSMv2
1 participant
@nomis