Were you able to try the SP math build options to see if that helped improve performance?

Thanks,
Chris

Are you able to share more details on the error that you saw for this?  Or, would it be easy to send over a simple sample app that reproduces the issue?  If so, I can help look into this further.  This may be due to a native build option that needs to change, or a higher-level JCE feature depending on the error.

We have several different math libraries available in native wolfSSL now that provide varying performance and features.  We have our normal big integer library, our fastmath library, and our newest SP Math library.  On most platforms, fastmath will be the default.  Switching over to our newer SP Math should give you performance increases for public key operations (RSA, ECDSA).

If you are uisng configure with wolfSSL, you can try the following options:

./configure --enable-sp --enable-sp-math-all <other options>

Our SP Math library does also have assembly optimizations for several platforms.  Depending on your target hardware, you may be able to add --enable-sp-asm to the above options.

Let me know if that builds OK, and what you see as far as performance goes.

Thanks!
Chris

Thank you for your response. That helped. I was able to build wolfCrypt JNI/JCE, and was able to get signing/verification working with RSA 2048. For ECDSA, public certificate loading had issues with wolfcrypt JCE, however, signing using the private key worked fine.

Regarding the performance, the signing operation was seen to be expensive with wolfcrypt JCE, while verification was faster - when compared to BCFips. Here is the output of a sample program that tested the performance differences between wolfssl and BCFips:

Signer JCA:wolfJCE version 1.0
nimbus-jose JWS RSA2048 with JWSAlgorithm RS256 [Sign] - 5.27 millis
Verifier JCA:wolfJCE version 1.0
nimbus-jose JWS RSA2048 with JWSAlgorithm RS256 [Validate] - 180.383 micros

Signer JCA:BCFIPS version 1.0002
nimbus-jose JWS RSA2048 with JWSAlgorithm RS256 [Sign] - 3.55 millis
Verifier JCA:BCFIPS version 1.0002
nimbus-jose JWS RSA2048 with JWSAlgorithm RS256 [Validate] - 621.219 micros

Are there any flags to improve the signing performance(perhaps for making use of the native code)?

Regards,
Renjith Alexander

Thanks for reaching out.  We have not tested wolfJSSE or wolfJCE with Nimbus JOSE + JWT before in-house.  Can you confirm, are you are using wolfJSSE or our cryptography provider wolfJCE?  I am not familiar enough at the moment with how Nimbus JOSE + JWT calls down into the Java Security Architecture to know if it is calling into a JCE or JSSE provider.  If you are using wolfJSSE (wolfSSL JNI/JSSE Provider), it may be worth trying to download, build, and register our JCE provider (wolfCrypt JNI/JCE) to see if that gives Nimbus access to the algorithm primitives that it is expecting.

Native wolfSSL supports RSA 2048 and SHA-256, as does wolfJSSE (in TLS cipher suites) and wolfJCE (via Signature and MessageDigest classes).

Are you able to provide more details about the project you are working on, and why you are looking to use wolfJSSE/wolfJCE in place of the default cryptography providers?

Thanks,
Chris

Nimbus jose jwt asymmetric key token signing and verification were seen to be working fine with all the other security providers that I tested.

Note: Octet key pair with Curve Ed25519 was seen to be working fine.