000025598 - Fixing poor performance with HMAC or GetKey function in C#

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025598
Applies ToKey Manager Client 1.5.x
Microsoft Windows
IssueFixing poor performance with HMAC or GetKey function in C#

RKM Client C# function KMSHMACData() or KMSGetKey() takes a long time, but KMSEncrypt() or KMSDecrypt() does not.

Debug output (that is displayed when you set "kms.debug = true" in your RKM client config file), for a program that calls KMSHMACData() or KMSGetKey() repeatedly, shows that each time, the key is not being found in the cache, so RKM tries to get the key from the server:

  KMClient: HMAC - Retrieving key for Key Class 'HMACKeyClass' (id: ) 
  KMClient: Retrieving key for Key Class 'HMACKeyClass'
  Attempting to retrieve key from cache
  Attempting to retrieve from memory cache
  Attempting to retrieve from disk cache
  Failed to retrieve HMACKeyClass from cache
  KMClient: Retrieved key from server, time = 500 ms

CauseThe HMAC and GetKey functions are intended to get the current key for the key class when the key ID argument is null.  In the C# sample code, the key ID is set to empty string (""), which is not the same as null in C#.  As a result, the code does not use the proper query to search the cache, so the key cannot be found in the cache.
ResolutionChange the following line in the C# program (e.g. the C# sample hmac.cs or getkey.cs)

    /* Optional key ID */
    private static String keyID = "";


    private static String keyID = null;

According to the String Class documentation (http://msdn2.microsoft.com/en-us/library/system.string(VS.71).aspx), the empty string is not equal to a null reference:

"By definition, any string, including the empty string (""), compares greater than a null reference, and two null references compare equal to each other."

NotesMicah Mason wrote a C# test program that prints 0 ms for the operations that get keys from the cache. 
The MSDN documentation for System.Double (http://msdn2.microsoft.com/en-us/library/system.double(VS.71).aspx) says:
"If the result of a floating-point operation is too small for the destination format, the result of the operation is zero."
Legacy Article IDa35506