-
Notifications
You must be signed in to change notification settings - Fork 204
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Slow PKCS #12 generation #403
Comments
I would also have high interest in a fix :D |
I confirm that there is an issue with the implementation of the makePKCS12B2Key function.
We need to identify the cause of the slowdown and fix it. I will work on this. |
I made a small optimization to the code and managed to double the performance. However, it seems that the main cause is the implementation of WebCrypto. If you run the following script in the browser: async function test() {
const iterations = 6e5;
const data = new Uint8Array(4);
console.time("browser");
for (let i = 0; i < iterations; i++) {
await crypto.subtle.digest("SHA-256", data);
}
console.timeEnd("browser");
} it completes in 14 seconds. The NodeJS implementation using the Crypto API finishes in 3 seconds. |
That sounds unfortunate, since I am running it in the browser. Thanks for your investigation so far, I am looking forward for a potential fix. |
I have just implemented a custom SHA-256 mechanism and used it instead of WebCrypto. This has significantly improved the execution speed, bringing it closer to the performance of the NodeJS Crypto API.
I am considering applying this approach (adding custom SHA mechanisms) in CryptoEngine to address the performance issue. |
@microshine but 3s also seems to be a very long time compared to openssl right? |
Yes, it is longer compared to OpenSSL, but I don't see a way to make it faster. Running 600K iterations with hash calculations using the native NodeJS Crypto API, which leverages OpenSSL, takes a couple of seconds. I have prepared an update that addresses the speed issue in the function, and it now completes in 2 seconds: |
I have published a new version v3.2.0 |
@microshine Thanks a lot, works very smooth now. |
PKCS #12 generating with 600k iterations with code below (similar to
openSSLLike example
) takes 49-60s (tested in Firefox 115.9.1esr 64bit and Chromium 90 64-bit). Tested that most of the execution time is eaten by lastmakeInternalValues
call (integrity protection envelope).PKCS #12 generating with 600k iterations on same machine with openssl 3 from Debian 12 takes less than 1s:
Is it expected or PKI.js bug?
PKCS #12 generation function code using PKI.js (
PBKDF2_ITERATION_COUNT
is set to600000
during test):The text was updated successfully, but these errors were encountered: