I recently tested a service that had a Digital Signature system option. At first the Digital Signatures were not enabled, and we were happily testing and getting around 500 ms response times for the service.
Then the Digital Signatures were enabled, and we had to first sign the messages sent, then the server needed to verify the signatures as well.
This turned out to be a major CPU and TIME hog, since on average, regardless of load, the verification of the signature took around 200 ms to perform. This made the overall response times increase to around 700 ms for each transaction (200 ms is around 28.5% of 700 ms!).
This might not seem significant in itself, but when you have thousands of users using the site you might get a bottleneck in the signature service, slowing down an otherwise fairly well working system!
There are several things one can do in situations like this, and we are still experimenting with the options.
But here are some of my recommendations:
- Separate the Digital Signature service from the rest and place it on separate hardware. This retains the possibility to scale the service in the future.
- The service is now written in Java, and we all know that Java does not use 100% of the capabilities of the hardware, so I’d recommend rewriting this part in another faster language. Personally I like Delphi, but any language that compiles to machine code can be used.
- And lastly, I’d recommend using well-tested existing components or code for the signatures, since writing your own code to perform well and correctly is a very tricky thing. Let other people who specialize in this field write the code for you since they really know what they are doing.
There are numerous other things that can be done, but the above are perhaps the most obvious ones.
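
Before moving or rewriting the signature service, it helps to know how much of the per-transaction time is the signature primitive itself. The following is an added example, not code from the tested service: it times sign and verify using the JDK's built-in `java.security.Signature`, and the algorithms, key sizes and message are assumptions, since the post does not say what the service uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;

// Added example: times sign and verify with the JDK's own providers.
// Algorithms, key sizes and the message are assumptions, not the tested service's settings.
public class SignatureTiming {
    static final int WARMUP = 200;   // let the JIT compile the hot path before timing
    static final int RUNS = 1000;

    public static void main(String[] args) throws Exception {
        // Constructed sample payload; substitute a representative message from the service.
        byte[] message = "constructed sample transaction payload".getBytes(StandardCharsets.UTF_8);
        measure("RSA", 2048, "SHA256withRSA", message);
        measure("EC", 256, "SHA256withECDSA", message);
    }

    static void measure(String keyAlg, int keySize, String sigAlg, byte[] message) throws Exception {
        // Key generation happens once and is deliberately left outside the timed loop.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlg);
        kpg.initialize(keySize);
        KeyPair keys = kpg.generateKeyPair();

        Signature signer = Signature.getInstance(sigAlg);
        Signature verifier = Signature.getInstance(sigAlg);
        long signNanos = 0, verifyNanos = 0;

        for (int i = 0; i < WARMUP + RUNS; i++) {
            long t0 = System.nanoTime();
            signer.initSign(keys.getPrivate());
            signer.update(message);
            byte[] sig = signer.sign();
            long t1 = System.nanoTime();
            verifier.initVerify(keys.getPublic());
            verifier.update(message);
            boolean ok = verifier.verify(sig);
            long t2 = System.nanoTime();
            if (!ok) throw new IllegalStateException("signature did not verify");
            // Only count iterations after warm-up.
            if (i >= WARMUP) { signNanos += t1 - t0; verifyNanos += t2 - t1; }
        }
        System.out.printf("%-16s sign %.3f ms  verify %.3f ms (mean of %d runs)%n",
                sigAlg, signNanos / 1e6 / RUNS, verifyNanos / 1e6 / RUNS, RUNS);
    }
}
```

Run it on the same hardware as the service and compare the verify figure with the time measured per transaction. If the raw primitive is far below that figure, the remaining time is being spent elsewhere in the signature service rather than in the signature math.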