Question

I'm developing an application that requires client authentication through smart-card.

The client performs a mutual SSL authentication using the smart-card.

There's an efficiency issue: the client authentication is slow. Before any internet traffic to the web services, there's a delay of about 6 seconds.

Here's the log:

2013-05-20 16:54:38,986 DEBUG (HttpConnection.java:692) - Open connection to *****
keyStore is : NONE
keyStore type is : pkcs11
keyStore provider is : SunPKCS11-SmartCard
init keystore

==== HERE IS A DELAY OF ABOUT 6 SECONDS!!!!

init keymanager of type SunX509

The client is running in Linux.

I'm trying various workarounds and solutions to avoid this delay, but I think it is due to an internal init of the smart card that I can't avoid.

What do you think? Can I avoid this delay in some way?

Thanks!

Solution

Normally you are limited by the smart card and the PKCS#11 libraries (and possible underlying layers). You could try and see if the card and reader are configured to use the maximum speed available. Furthermore, you can test if there is any way to cache the information on the card, or to limit the amount of data retrieved from the smart card.

Normally you are waiting for the card directory data (e.g. ISO 7816-15 compatible structures) to be read. After parsing the data (which should take a very short amount of time on a modern CPU) the certificates are normally downloaded from the card. Now this part is probably what takes most of the time, so if there is any way to cache the data on the CPU, or download only the required certificates then you are likely to gain a lot of time.

It depends, however, on the libraries used if and how you can do this; it is not really possible to configure this through the PKCS#11 provider (as far as I know). Ask your vendor!
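
An added example, not part of the original answer or of any vendor's code: a Java 9+ harness that times each phase between "init keystore" and "init keymanager" and builds the client `SSLContext` only once, so the card is read once per process. The class name `Pkcs11InitTimer` and the config-file argument are assumptions; the config file must point at your vendor's PKCS#11 library.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class Pkcs11InitTimer {                       // hypothetical class name
    private static SSLContext cached;                // built once, reused for every connection

    /** Builds the client SSLContext on first use and prints how long each phase took. */
    static synchronized SSLContext context(String pkcs11Config, char[] pin) throws Exception {
        if (cached != null) return cached;           // later callers never touch the card setup again

        long t0 = System.nanoTime();
        Provider p = Security.getProvider("SunPKCS11").configure(pkcs11Config); // Java 9+ API
        Security.addProvider(p);
        long t1 = System.nanoTime();

        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);                          // token login and object enumeration happen here
        long t2 = System.nanoTime();

        int certs = 0;                               // how many certificates the token exposes
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            certs += (chain != null) ? chain.length : (ks.getCertificate(alias) != null ? 1 : 0);
        }
        long t3 = System.nanoTime();

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, null);                          // private keys stay on the token
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);  // default trust managers
        long t4 = System.nanoTime();

        System.out.printf("provider %d ms, keystore load %d ms, %d certs listed in %d ms, key manager %d ms%n",
                ms(t0, t1), ms(t1, t2), certs, ms(t2, t3), ms(t3, t4));
        return cached = ctx;
    }

    private static long ms(long a, long b) { return (b - a) / 1_000_000; }

    public static void main(String[] args) throws Exception {
        char[] pin = System.console().readPassword("PIN: "); // needs an interactive terminal
        context(args[0], pin);                       // args[0]: path to the SunPKCS11 config file
        context(args[0], pin);                       // second call returns the cached context
    }
}
```

A high certificate count next to a long "keystore load" time is consistent with the certificate download described above; the harness only measures and reuses, it does not make the card itself faster.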

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow