[
Lists Home |
Date Index |
Thread Index
]
> Does encryption and digital signing increase the need for bandwidth or
> the need for CPU power and battery life?
Well, let's see. For an RSA signature (most common; we'll ignore Kerberos
or other shared-secret HMAC stuff), the binary signature will be the same
as the key size; call it 1K bits. Then you have to make it base64 and wrap a
few tags and identifying information around it, so call it 250 bytes.
If you add the cert call it 2K bytes; if you add just a ref to the cert
that the recipient can decode, call it 350 bytes.
For XML Encryption, the session key will be RSA encrypted, which is same
as the signature. Then the data itself will end up as binary, which then
needs to be base64, so assume the data grows by 4/3 in addition to the key
exchange.
So that's the data size. For processing, decryption isn't bad. You need
to decrypt the key, then decrypt the bulk data. Most bulk encryptions are
pretty efficient these days; the AES in particular had that as a design goal.
Verifying an XML signature is harder. You typically have to canonicalize
the input and run it through SHA1 digest. Doing c14n is fairly expensive;
you have to pretty much walk your parse tree (or stream and output) a
second time.
As for battery life? Well, a typical laptop can probably handle XML
signature and encryption okay, but only because the load is human-driven.
But for a server? You want what we sell. :) We're the fastest XML security
devices around. I mention that not just because I'm watching _American
Chopper_ on TV right now, but because speed is a security *enabler.*
If things are too slow, you can't afford to do things like schema validation
and crypto, and you really want to do them...
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
|
