Inline key material in operations

When a KeyObject cannot be reused (e.g. the key arrives as raw bytes in a protocol message and is used only once), most cryptographic functions also accept a PEM string or an object specifying the format and key material directly. In this case the total cost is the sum of key import and the cryptographic computation itself.

For operations where the cryptographic computation dominates - such as signing with RSA or ECDH key agreement with P-384 or P-521 - the serialization format has negligible impact on overall throughput, so choose whichever format is most convenient. For lightweight operations like Ed25519 signing or verification, the import cost is a larger fraction of the total, so a faster format like 'raw-public' or 'raw-private' can meaningfully improve throughput.

Even if the same key material is used only a few times, it is worth importing it into a KeyObject rather than passing the raw or PEM representation repeatedly.
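An added example (not from the Node.js documentation) contrasting the two paths described above for Ed25519 verification: key material passed inline and imported on every call, versus a KeyObject imported once and reused. The key pair, message object and function names are constructed for illustration, and the 'der'/'spki' object form is used in place of 'raw-public' as a portability assumption.

```javascript
const crypto = require('node:crypto');

// Fixed 12-byte SubjectPublicKeyInfo header for Ed25519 (RFC 8410); the raw key follows it.
const ED25519_SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');

// Constructed sample: a sender key pair and a "protocol message" carrying the raw public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const rawPublic = publicKey.export({ format: 'der', type: 'spki' }).subarray(12); // 32 bytes
const payload = Buffer.from('constructed sample payload');
const message = { rawPublic, payload, signature: crypto.sign(null, payload, privateKey) };

// One-shot use: pass format + key material inline; the import happens inside verify().
function verifyInline(msg) {
  if (msg.rawPublic.length !== 32) return false; // reject a malformed key before import
  const der = Buffer.concat([ED25519_SPKI_PREFIX, msg.rawPublic]);
  return crypto.verify(null, msg.payload, { key: der, format: 'der', type: 'spki' }, msg.signature);
}

// Repeated use: import once, then reuse the KeyObject for every verification.
function importPeerKey(raw) {
  if (raw.length !== 32) throw new RangeError('Ed25519 public key must be 32 bytes');
  const der = Buffer.concat([ED25519_SPKI_PREFIX, raw]);
  return crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
}

function verifyWithKeyObject(keyObject, msg) {
  return crypto.verify(null, msg.payload, keyObject, msg.signature);
}

// Rough timing of both paths over n verifications (milliseconds, machine dependent).
function compare(n) {
  const key = importPeerKey(message.rawPublic);
  let start = process.hrtime.bigint();
  for (let i = 0; i < n; i++) verifyInline(message);
  const inlineMs = Number(process.hrtime.bigint() - start) / 1e6;
  start = process.hrtime.bigint();
  for (let i = 0; i < n; i++) verifyWithKeyObject(key, message);
  const reusedMs = Number(process.hrtime.bigint() - start) / 1e6;
  return { inlineMs, reusedMs };
}

console.log(compare(2000));
```

The absolute timings vary by machine and Node.js build; the point of `compare` is the ratio between the two paths for a lightweight algorithm.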