We were looking at some code today that pulls some encrypted information from a database and decrypts it, considering strategies to improve performance. Currently, when a certain report is run, it brings the system to its knees, pulling out each row and decrypting it.

Some tests led to the clear conclusion that the bottleneck had little to do with computing the encryption algorithm, and far more to do with a single line of code, that grabbed the SecretKey from the KeyStore. Changing the code to cache this key led to performance improvements of 1500%-3000%, depending on sample size. Performance was generally comparable whether using 3DES or AES. So if you’re seeing some performance issues in your JCE encryption/decryption code, start with the simple, and realize that getKey() can take some serious time.