HSM - cryptoki - opening sessions overhead

I am having a query regarding sessions with HSM.

I am aware that there is an overhead if you initialise and finalise the cryptoki api for every file you want to encrypt/decrypt.

My queries are,

  1. Is there an overhead in opening and closing individual sessions for every file you want to encrypt/decrypt (C_Initialize/C_Finalize)?

  2. How many maximum number of sessions can I have for a HSM simultaneously, without affecting the performance?

  3. Is opening and closing the session for processing individual files the best approach or opening a session and processing multiple files and then closing the session the best approach?

Thanks


First and foremost, PKCS#11 spec has pretty extensive documentation under general overview about threads, applications and sessions.

Secondly, it depends on your HSM hardware and PKCS#11 module implementation. How does your PKCS#11 provider represent slots? Do you use the same key all the time? What are the authentication mechanisms for the key?

  1. How to use C_Initialize (and C_Finalize) is extensively covered in the PKCS#11 spec
  2. Number of sessions depends on the PKCS#11 implementation, see ulMaxSessionCount in CK_TOKEN_INFO

Try with a single session. Are you sure your bottleneck will be the session handling?


The best approach is definitely to open the session once per application start. I.e. there's no reason to close the session while your application works -- the session is private to your application and no other application can use it to access and use the device if you opened the session.


There is overhead in opening and closing sessions (from my experiments). It's better not to open individual sessions for each file.

Update: From my vendor:

There is no limit or specified number of sessions that you can open on a token; however, it could be many thousand.

It depends on what you are doing and how it is consuming the RAM of the appliance. Opening too many sessions and creating too many session objects, to the point of reaching the limit that the RAM can hold, will definitely affect the performance of the appliance.

Thanks
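Added example, not code from any of the posts above or from an HSM vendor: sizing a pool of long-lived sessions from the `ulMaxSessionCount` and `ulSessionCount` fields of `CK_TOKEN_INFO`, including the two sentinel values PKCS#11 allows in those fields. The helper `session_pool_size`, its `local_cap` parameter and the sample numbers are assumptions made for illustration; the values would normally come from `C_GetTokenInfo`.

```c
#include <stddef.h>
#include <stdio.h>

/* Guarded so the block also compiles next to a real pkcs11t.h. */
#ifndef CK_UNAVAILABLE_INFORMATION
typedef unsigned long CK_ULONG;
#define CK_UNAVAILABLE_INFORMATION (~0UL) /* token does not report the value */
#define CK_EFFECTIVELY_INFINITE    0UL    /* token enforces no fixed limit   */
#endif

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Hypothetical helper: number of sessions to open once at start-up and reuse
 * for every file. max_sessions / open_sessions are ulMaxSessionCount /
 * ulSessionCount from CK_TOKEN_INFO; local_cap is the application's own
 * ceiling, which still applies when the token reports no limit. */
size_t session_pool_size(CK_ULONG max_sessions, CK_ULONG open_sessions,
                         size_t workers, size_t local_cap)
{
    size_t pool = min_sz(workers, local_cap);

    /* 0 does not mean "no sessions allowed" and ~0UL is not a real count:
     * in both cases only the local cap bounds the pool. */
    if (max_sessions == CK_UNAVAILABLE_INFORMATION ||
        max_sessions == CK_EFFECTIVELY_INFINITE)
        return pool;

    /* Sessions this application already holds reduce the headroom.
     * If the token does not report that count, assume none are open. */
    CK_ULONG in_use = (open_sessions == CK_UNAVAILABLE_INFORMATION)
                          ? 0 : open_sessions;
    CK_ULONG headroom = (max_sessions > in_use) ? max_sessions - in_use : 0;

    return min_sz(pool, (size_t)headroom);
}

int main(void)
{
    /* Constructed sample values, not taken from a real token. */
    printf("finite limit:  %zu\n", session_pool_size(10, 7, 8, 16));
    printf("no hard limit: %zu\n",
           session_pool_size(CK_EFFECTIVELY_INFINITE, 3, 8, 16));
    return 0;
}
```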
