RSA key generation is slow on ARM #1989

Closed
salmanisd opened this issue Aug 14, 2020 · 8 comments
Labels
bug Something is not working. package/jwk

@salmanisd

I am using hydra on an arm embedded device (with postgres as backend). While the overall oauth flow works fine, I have this issue after the first boot of hydra.
The generation of hydra.openid.id-token, hydra.jwt.access-token, hydra.https-tls takes up to 15 min, which means hydra has to wait at least 15 mins to start up properly.

For testing purposes, I deleted these default RS256 generated key sets and made them using ES512, which were created immediately. Afterwards I did a restart of hydra but I get these messages:

Aug 14 08:51:45 hydra[2772]: {"level":"info","msg":"Retrying in 0.400000 seconds...","time":"2020-08-14T08:51:45Z"}
Aug 14 08:51:45 hydra[2772]: {"level":"info","msg":"Retrying in 0.800000 seconds...","time":"2020-08-14T08:51:45Z"}
Aug 14 08:51:46 hydra[2772]: {"level":"info","msg":"Retrying in 1.600000 seconds...","time":"2020-08-14T08:51:46Z"}
Aug 14 08:51:47 hydra[2772]: {"level":"info","msg":"Retrying in 3.200000 seconds...","time":"2020-08-14T08:51:47Z"}
Aug 14 08:51:51 hydra[2772]: {"level":"info","msg":"Retrying in 6.400000 seconds...","time":"2020-08-14T08:51:51Z"}
Aug 14 08:51:57 hydra[2772]: {"level":"info","msg":"Retrying in 12.800000 seconds...","time":"2020-08-14T08:51:57Z"}
Aug 14 08:52:10 hydra[2772]: {"level":"info","msg":"Retrying in 15.000000 seconds...","time":"2020-08-14T08:52:10Z"}

Is there a workaround for this? I don't know why the RS256 takes that long on my device, but if that doesn't work I would like to proceed with the ES512 keys.

@aeneasr
Member

aeneasr commented Aug 14, 2020

Version?

@salmanisd
Author

master branch, commit 13c6753ae11b2f1be0ea81658626fe6363fd9370 from April 2, 2020.

Just realized it's quite old.

@aeneasr
Member

aeneasr commented Aug 14, 2020

Ok so you build it yourself I assume? Which Go version are you using?

@aeneasr
Member

aeneasr commented Aug 14, 2020

golang/go#33224

@salmanisd
Author

I am using go 1.14.

The issue you mentioned could be the reason why I am seeing this behavior on my arm device.
Forgetting about rs256, how can I make use of es512 generated keysets? Like I mentioned above, I am getting these messages:

Aug 14 08:52:10 hydra[2772]: {"level":"info","msg":"Retrying in 15.000000 seconds...","time":"2020-08-14T08:52:10Z"}

@salmanisd
Author

I have also tried creating my own keys using

ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub

deleting hydra.openid.id-token and then adding the above keys:

hydra keys import hydra.openid.id-token /tmp/jwtRS256.key /tmp/jwtRS256.key.pub --endpoint http://localhost:4445

All operations succeed, but when I restart hydra I get the same "Retrying in " error message.
My idea is to disable the default rs256 key generation in hydra and either replace it with es512 or skip the default key generation altogether and add it with hydra keys import.

Not sure if this is possible?

aeneasr added the "bug" (Something is not working.) label Aug 20, 2020
aeneasr changed the title from "Very slow key generation after first boot" to "RSA key generation is slow on ARM" Aug 20, 2020
aeneasr added this to the v1.8.0 milestone Aug 20, 2020

@aeneasr
Member

aeneasr commented Aug 21, 2020

This should be possible, I think there's another issue for the same problem in GitHub.

If you know Go, please feel free to look into this. I'm tracking this for v1.8.

@aeneasr
Member

aeneasr commented Jan 12, 2021

Given the lack of interest in this issue I am closing this. For anyone looking, feel free to ask/contribute to this.
