1 Reply by realexan

(4 replies, posted in wolfSSL)

Hi Chris,

Thank you for your response. That helped. I was able to build wolfCrypt JNI/JCE, and was able to get signing/verification working with RSA 2048. For ECDSA, public certificate loading had issues with wolfcrypt JCE, however, signing using the private key worked fine.

Regarding the performance, the signing operation was seen to be expensive with wolfcrypt JCE, while verification was faster - when compared to BCFips. Here is the output of a sample program that tested the performance differences between wolfssl and BCFips:

Signer JCA:wolfJCE version 1.0
nimbus-jose JWS RSA2048 with JWSAlgorithm RS256 [Sign] - 5.27 millis
Verifier JCA:wolfJCE version 1.0
nimbus-jose JWS RSA2048 with JWSAlgorithm RS256 [Validate] - 180.383 micros


Signer JCA:BCFIPS version 1.0002
nimbus-jose JWS RSA2048 with JWSAlgorithm RS256 [Sign] - 3.55 millis
Verifier JCA:BCFIPS version 1.0002
nimbus-jose JWS RSA2048 with JWSAlgorithm RS256 [Validate] - 621.219 micros


Are there any flags to improve the signing performance(perhaps for making use of the native code)?

Regards,
Renjith Alexander

Go to forum: wolfSSL

2 Topic by realexan

(4 replies, posted in wolfSSL)

Built wolfssl with jni and jsse on CentOs 7. Set the instance of WolfSSLProvider for signer/verifier's JCA provider of Nimbus jose jwt. It seems that there are compatibility issues with these two. Signing fails with the error "Unsupported JWS algorithm RS256"(used RSA asymmetric keys with key-length of 2048 bits). Enabling debug logs using -Dwolfssl.debug=true didn't yield any information.

Nimbus jose jwt asymmetric key token signing and verification were seen to be working fine with all the other security providers that I tested.

Note: Octet key pair with Curve Ed25519 was seen to be working fine.

Go to forum: wolfSSL