-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Asynchronous Signing in IJwsAlgorithm interface #218
Comments
Hi @AliKhalili , well, most of crypto primitives that library is using are inherently synchronous and calling thread will be blocked somewhere anyway. Even if What's your thoughts if you using AWS KMS in your project, how you envision ideal interface to library? |
Hi @dvsekhvalnov , Thank you for your response. I appreciate your openness to discussing this matter further. While it is true that the majority of scenarios may be synchronous, it is becoming increasingly common for developers to expect asynchronous interfaces, especially in scenarios where cloud services(Cloud key management, Cloud HSM) are involved. On the other hand, as you mentioned, the majority of the consumers are not expected to use the asynchronous methods, so it does not make sense to update the interface to make all methods asynchronous(in some cases it would be nearly impossible to change a legacy code base to be async and works without any problem). Therefore, I would recommend providing both synchronous and asynchronous versions of each method. This allows consumers to choose which version they want to use based on their needs. |
Would you mind draft one (async |
Thank you for your response. That would be great to do that. However, I would like to conduct further investigation on the matter before proceeding with any implementation or discussion of specific solutions. I've also noticed a similar issue with dotnet BCL when attempting to generate CSR( I will take some time to review the issue more thoroughly and explore potential solutions. |
Sure @AliKhalili , feel free to come back with your ideas, always welcome. I'll try to play with async idea too. |
Hello, I want to use Azure Key Vault to wrap/unwrap CEKs in a custom implementation of |
Hi @nfogg , unfortunately there were never any progress on this one. Before considering the feature, would be interesting to see sketches how async SDK can look like client wise. E.g. how you expect to use library async? |
Hello @dvsekhvalnov, I also discovered it is unnecessary for the wrapping/unwarpping task in my use-case. To solve the problem, my app does the Key Vault work before calling the SDK and then provides the prepared data as the encryption key parameter, which a custom implementation of |
Description
Currently, the
IJwsAlgorithm
interface does not support asynchronous signing, but the AWS KMS Client has implemented the Sign method in an async manner. As a result, when implementing a custom signing algorithm that uses the KMS Client as the underlying method for actual signing, the current solution involves blocking the calling thread using theGetResult()
method. This approach may lead to resource starvation and deadlock if the workload is high.To enable non-blocking signing using AWS KMS Client, we need to add support for asynchronous signing in the
IJwsAlgorithm
interface.any thoughts or comments, please?
The text was updated successfully, but these errors were encountered: