From: Florent Le S. <f.l...@ke...> - 2016-04-26 15:57:22
Hi Tomas,

Thank you for your answer.
I'm not planning to use HSM, so it will be done via EJBCA directly.

So if I understand correctly, the underlying method used by EJBCA to generate private keys is via the Java class java.util.Random and the class java.security.SecureRandom.
=> The keys are generated by the method createCryptoToken from the class CryptoTokenManagementSessionBean, which uses SecureRandom()

At the end OpenJDK SecureRandom implementation uses /dev/random.
So the overall entropy is the entropy of /dev/random.

Are those statements correct?

Thanks,
Florent.

On 26/04/2016 12:33, Tomas Gustavsson wrote:
> Hi,
>
> If you use an HSM CA key generation is performed in the HSM.
>
> As for other randomness you can search for Java Random or SecureRandom.
>
> Java random is good, and in general uses the OS random source where needed.
>
> Regards,
> Tomas
>
> On 2016-04-25 17:49, Florent Le Saout wrote:
>> Hi,
>>
>> I'm looking for the method used by EJBCA to generate the private keys in
>> general (CA, Sub-CA, certificates...).
>>
>> _So I have multiple questions, which at the end are all related to the
>> same thing:_
>>
>> * Is the generation process all done in the EJBCA application?
>> * Or do they rely on Java EE-based application server random number
>> generation (in my case JBoss)?
>> * Is there a link somewhere with the locally implemented random number
>> generation, so for instance on Linux /dev/random?
>> * What is the level of entropy, and is there some guarantee about a
>> minimum value, and could we improve it by taking some action while
>> it's generating a key?
>>
>>
>> I looked in the documentation and didn't find any information about
>> that, but maybe I missed it.
>>
>> Thanks for your help,
>> Florent.
-- 
*Florent LE SAOUT*
R&D department
Embedded Software Developer
AUSY contractor for KERLINK
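One way to check, on a given JVM, which SecureRandom implementation and seed source software key generation would draw from. This is an added example, not part of the thread and not EJBCA code; the class name `RngSourceCheck` is hypothetical, Java 8 or later is assumed, and the `/proc` path is Linux-specific.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

// Added diagnostic (hypothetical class, not EJBCA code): reports where this JVM's
// SecureRandom comes from, then generates one RSA key pair from that same instance.
public class RngSourceCheck {
    public static void main(String[] args) throws Exception {
        // Seed source from the JRE's java.security file, and any -D override on the command line.
        System.out.println("securerandom.source           = " + Security.getProperty("securerandom.source"));
        System.out.println("java.security.egd             = " + System.getProperty("java.security.egd"));
        System.out.println("securerandom.strongAlgorithms = " + Security.getProperty("securerandom.strongAlgorithms"));

        // What a plain "new SecureRandom()" resolves to on this platform.
        SecureRandom rng = new SecureRandom();
        System.out.println("default SecureRandom          = " + rng.getAlgorithm()
                + " from provider " + rng.getProvider().getName());

        // Every installed SecureRandom implementation, in provider preference order.
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SecureRandom".equals(s.getType())) {
                    System.out.println("  available: " + p.getName() + " / " + s.getAlgorithm());
                }
            }
        }

        // Linux only: the kernel's current entropy estimate for its random pool.
        Path avail = Paths.get("/proc/sys/kernel/random/entropy_avail");
        if (Files.isReadable(avail)) {
            String bits = new String(Files.readAllBytes(avail), StandardCharsets.US_ASCII).trim();
            System.out.println("kernel entropy_avail          = " + bits + " bits");
        }

        // Pass the RNG explicitly so the key is drawn from the instance reported above.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048, rng);
        long start = System.nanoTime();
        KeyPair kp = kpg.generateKeyPair();
        long ms = (System.nanoTime() - start) / 1_000_000;
        System.out.println("generated " + kp.getPublic().getAlgorithm() + " 2048-bit key pair in " + ms + " ms");
    }
}
```

Run it with the same JRE and the same `-D` options as the application server, since both the `java.security` file and `java.security.egd` are per-JVM settings.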