Local API payment request with encryption generates key on every Encrypt

[mvdzwaan]

When using the TerminalApiLocalService.RequestEncryptedAsync the current library generates the needed encrypt keys for each request.

Looking at the EncryptionDerivedKeyGenerator.Generate method, this methods creates the same key on each call, while still performing a Rfc2898DeriveBytes with 4000 iterations.

Could we improve performance of all calls by using a static key which only gets created once ?

Performance is not much of an issue when starting a payment, but when using VirtualReceipts we would like this call to be as performant as it can be.

[Kwok-he-Chu]

That makes sense

Affected classes:

• EncryptionCredentailDetails - https://github.com/Adyen/adyen-dotnet-api-library/blob/v28.0.0/Adyen/Security/EncryptionCredentialDetails.cs
• SaleToPoiMessageSecuredEncryptor - https://github.com/Adyen/adyen-dotnet-api-library/blob/main/Adyen/Security/SaleToPoiMessageSecuredEncryptor.cs#L29

Since the password is dynamic, we need a way to pass this into the EncryptionCredentialDetails, my suggestion, we could move the var encryptionDerivedKey = _encryptionDerivedKeyGenerator.Generate(encryptionCredentialDetails);-part to the constructor above, what do you think?

[mvdzwaan]

I forked and was in the process of creating a pull request using another tactic

https://github.com/Adyen/adyen-dotnet-api-library/compare/main...mvdzwaan:adyen-dotnet-api-library:main

Using a static in the EncryptionDerivedKeyGenerator class.

I think the provided password will not be dynamic, but if it really is, we could store it too and compare before deciding to give the cached key or recalculate it again.

I used my version and it was working fine as is... Performance gains on my desktop were not as big as hoped, but on slower devices it will help.