Skip to Content.
Sympa Menu

mace-opensaml-users - Re: [OpenSAML] signing performance

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] signing performance


Chronological Thread 
  • From: Brent Putman <>
  • To:
  • Subject: Re: [OpenSAML] signing performance
  • Date: Thu, 06 Jan 2011 15:24:01 -0500




> Does the Java implementation of signing use the same underlying C
> libraries for the crypto stuff (via JNI say) or is it implemented in Java?
>



OpenSAML just uses the Apache xmlsec (Santuario) library, which in turn
just uses the Java crypto support from the Security provider framework
(e.g. the Signature and MAC classes, etc). So the answer is: it uses
whatever Java security providers you have installed and configured in
your JVM. By default, the common JVM's (e.g. Sun, IBM, Apple) just use
software based implementations based on underlying Java libraries.
There might be some JNI based impls, and I believe there are PKCS11
impls that theoretically let you use things like HSMs and crypto
accelerators, although I've heard that with the latter, you'll have
varying degrees of success. If you get anything like that working, it'd
be nice to hear a success report.

--Brent




Archive powered by MHonArc 2.6.16.

Top of Page