Tags: java, security, digital-signature, smartcard, digital-certificate

Signing XML with a smart card is taking too long


I'm working on a project that uses digital signatures, both physical and not (smart card or file). I need to sign a hundred pieces of XML per file, and at the moment there are 2,500 files, so that means 2,500 * 100 = 250,000 signatures. With an A1 certificate (file) it takes 2 seconds per file. When I try a smart card it takes 30 seconds per file, meaning all the files would take almost 21 hours, which is too long. I'd like to know if anyone has ever dealt with this. By the way, it's Java code; a snippet follows.

    import java.security.cert.X509Certificate;

    import org.apache.xml.security.Init;
    import org.apache.xml.security.signature.XMLSignature;
    import org.apache.xml.security.transforms.Transforms;
    import org.apache.xml.security.utils.Constants;
    import org.apache.xml.security.utils.ElementProxy;
    import org.w3c.dom.Document;
    import org.w3c.dom.Element;

    // One enveloped RSA-SHA256 XML signature over the element named elementName (Apache Santuario).
    // XmlUtils and certificadoBean are the poster's own helper class and bean; they are not shown here.
    void sign(Document document, String elementName) throws Exception {
        Element elemento = (Element) document.getElementsByTagName(elementName).item(0);
        elemento.setIdAttribute("id", true);           // register "id" as an ID attribute so "#id" resolves
        String id = elemento.getAttribute("id");

        Init.init();                                   // initialises Santuario; safe to call repeatedly

        ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "");   // emit unprefixed Signature elements
        XMLSignature sig = new XMLSignature(document, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);

        elemento.getParentNode().appendChild(sig.getElement());

        {
            Transforms transforms = new Transforms(document);
            transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
            transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
            // Reference the element by id; xmlenc#sha256 is the standard SHA-256 digest URI
            sig.addDocument("#" + id, transforms, "http://www.w3.org/2001/04/xmlenc#sha256");
        }

        XmlUtils.trimWhitespace(document);
        XmlUtils.scapeChars(document);

        {
            X509Certificate cert = certificadoBean.getCertificate();
            sig.addKeyInfo(cert);
            sig.sign(certificadoBean.getPrivateKey());  // the single private-key operation per signature
        }
    }

Solution

  • While 30 seconds is too long for a single operation, the cheap hardware (smart cards and USB tokens) is indeed very slow, and a single operation usually takes 2-3 seconds. You need to use a faster hardware device for your task. For example, industry-level PKI devices (specialized hardware accelerators and appliances) perform signing in a fraction of a second.
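A way to confirm where the roughly 300 ms per signature goes, as an added check that is not part of the question or the answer: the harness below times the RSA-SHA256 private-key operation on its own with the JDK's java.security API, either with a software RSA key generated in memory or, when given a SunPKCS11 configuration file and PIN, with the key on the card. It assumes Java 11 or later, that the SunPKCS11 provider is available, and that the first private-key entry on the token is the signing key (all assumptions for illustration); the class and method names SignTiming, averageSignMillis and averageDigestMillis are chosen here and do not come from the question's code. If the signature figure with the card is in the hundreds of milliseconds or more while the digest figure is in microseconds, the DOM handling in the question's code is not the bottleneck, and, as the answer says, only a faster device (or fewer private-key operations per file) will change the total.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.Enumeration;

/**
 * Added timing check (not from the original question or answer): separates the cost of
 * one RSA-SHA256 private-key operation from the cost of digesting the same payload.
 *
 * Usage:
 *   java SignTiming                  software RSA-2048 key generated in memory
 *   java SignTiming pkcs11.cfg PIN   key on a smart card via the SunPKCS11 provider
 *
 * Assumptions for illustration: Java 11+, SunPKCS11 present, a SunPKCS11 config file
 * (name/library lines) at the given path, and the first key entry being the signing key.
 */
public class SignTiming {

    /** Average wall-clock milliseconds for one SHA256withRSA signature over payload, n repetitions. */
    public static double averageSignMillis(PrivateKey key, Provider provider, byte[] payload, int n)
            throws Exception {
        Signature sig = provider == null
                ? Signature.getInstance("SHA256withRSA")
                : Signature.getInstance("SHA256withRSA", provider);
        long start = System.nanoTime();
        for (int i = 0; i < n; i++) {
            sig.initSign(key);
            sig.update(payload);
            sig.sign();                       // with a PKCS#11 key this is the on-card operation
        }
        return (System.nanoTime() - start) / 1_000_000.0 / n;
    }

    /** Average wall-clock milliseconds for a SHA-256 digest of payload, n repetitions (CPU only). */
    public static double averageDigestMillis(byte[] payload, int n) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        long start = System.nanoTime();
        for (int i = 0; i < n; i++) {
            md.digest(payload);
        }
        return (System.nanoTime() - start) / 1_000_000.0 / n;
    }

    /** Loads the first private-key entry from a PKCS#11 token (assumption: that is the signing key). */
    static PrivateKey loadPkcs11Key(Provider provider, char[] pin) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS11", provider);
        ks.load(null, pin);                   // PIN is supplied here; SunPKCS11 takes null per-key passwords
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements(); ) {
            String alias = e.nextElement();
            if (ks.isKeyEntry(alias)) {
                return (PrivateKey) ks.getKey(alias, null);
            }
        }
        throw new IllegalStateException("no private-key entry found on the token");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payload standing in for one canonicalised XML element (about 4 KB).
        byte[] payload = "<item id=\"1\"><value>example</value></item>".repeat(100)
                .getBytes(StandardCharsets.UTF_8);

        PrivateKey key;
        Provider provider = null;
        if (args.length == 2) {
            // Smart card or USB token through PKCS#11 (Provider.configure is Java 9+).
            provider = Security.getProvider("SunPKCS11").configure(args[0]);
            Security.addProvider(provider);
            key = loadPkcs11Key(provider, args[1].toCharArray());
        } else {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(2048);
            key = kpg.generateKeyPair().getPrivate();
        }

        int n = 20;
        averageSignMillis(key, provider, payload, 2);   // warm-up: JIT and provider session setup
        System.out.printf("digest    (SHA-256):      %.3f ms per operation%n", averageDigestMillis(payload, n));
        System.out.printf("signature (SHA256withRSA): %.3f ms per operation%n",
                averageSignMillis(key, provider, payload, n));
    }
}
```

Passing the PIN on the command line is only acceptable for a one-off measurement on a test card; for anything else read it from a prompt or a protected callback so it does not land in shell history or process listings. Run the software-key variant first to get a baseline for the host, then the PKCS#11 variant; the difference between the two signature figures is the per-operation cost of the token, which multiplied by 100 signatures per file is what the 30 seconds in the question is made of.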