NitroKey 3A Mini RSA 4096 signing performance seems poor, is this normal?

peterwilli · June 28, 2023, 8:31am

Hey there.

Recently, I set up my 3A mini and it all seems fine. However, I noticed the signing performance to be very poor. It’s not bad, but it’s certainly not as it is laid out on the spec sheet.

I’ll have a video here to demonstrate, as it’s easier to explain this way: NitroKey 3A Signing performance - YouTube

My question is: Is this normal? If so, the comparison chart makes it sound like the 3A mini is faster than the NitroKey Start, but it turns out to be slower (assuming the Start really does do it in 8 seconds).

daringer · June 28, 2023, 11:22am

Hey @peterwilli

yes, currently this is expected. The current RSA implementation is a pure (RustCrypto) software (afaik even w/o ARM optimizations) realization. We are currently working on the integration of the SE050 (an NXP secure element included in all Nitrokey 3s) as an (optional) cryptography backend, once this is included, the performance (if activated) will improve significantly.

best

peterwilli · June 28, 2023, 12:28pm

OOOOH! So the secure element has hardware crypto and does a much better job due to dedicated hardware. So awesome to read all this.

It’s refreshing to get so much details in the engineering process of a security key

D61 · July 5, 2023, 11:06pm

I have a NitroKey 3 NFC and my experience is similar to yours so I’m glad you asked this question.
My other keys from Yubico are much faster but they’re all closed source so I’d rather use a NitroKey.

I have a RSA 4096 key so @daringer’s explanation make sense.