From: Andreas K. <ku...@tr...> - 2016-04-26 16:44:47
Hi Florent,

for sure Tomas knows how the ejbca is implemented. But to be sure to have a good source of entropy for your keys, watch out for several pitfalls:

- different Java runtimes may or may not use /dev/random
- /dev/random has its problems on virtual platforms
- the OS itself may affect the quality of the random source

If you are reaching out to do serious stuff, please consider mixing several sources of randomness.

Greetings,
Andreas

> Hi Tomas,
>
> Thank you for your answer.
>
> I'm not planning to use an HSM, so it will be done via EJBCA directly.
>
> So if I understand correctly, the underlying method used by EJBCA to
> generate the private key is via the Java class java.util.Random and the
> class java.security.SecureRandom.
> => The keys are generated by the method createCryptoToken from the class
> CryptoTokenManagementSessionBean, which uses SecureRandom()
> In the end, the OpenJDK SecureRandom implementation uses /dev/random.
> So the overall entropy is the entropy of /dev/random.
>
> Are those statements correct?
>
> Thanks,
> Florent.
>
>
> Le 26/04/2016 12:33, Tomas Gustavsson a écrit :
>> Hi,
>>
>> If you use an HSM, CA key generation is performed in the HSM.
>>
>> As for other randomness, you can search for Java Random or SecureRandom.
>>
>> Java random is good, and in general uses the OS random source where needed.
>>
>> Regards,
>> Tomas
>>
>> On 2016-04-25 17:49, Florent Le Saout wrote:
>>> Hi,
>>>
>>> I'm looking for the method used by EJBCA to generate the private keys in
>>> general (CA, Sub-CA, certificates...).
>>>
>>> _So I have multiple questions, which in the end are all related to the
>>> same thing:_
>>>
>>> * Is the generation process all done in the EJBCA application?
>>> * Or do they rely on the Java EE-based application server's random number
>>>   generation (in my case JBoss)?
>>> * Is there a link somewhere with the locally implemented random number
>>>   generation, so for instance on Linux /dev/random?
>>> * What is the level of entropy, is there some guarantee about a
>>>   minimum value, and could we improve it by taking some action while
>>>   it's generating a key?
>>>
>>>
>>> I looked in the documentation and didn't find any information about
>>> that, but maybe I missed it.
>>>
>>> Thanks for your help,
>>> Florent.
>>>
>>>
>>> _______________________________________________
>>> Ejbca-develop mailing list
>>> Ejb...@li...
>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop

--
Andreas Kühne
phone: +49 177 293 24 97
mailto: ku...@tr...

Trustable Ltd.
Niederlassung Deutschland
Gartenheimstr. 39C - 30659 Hannover
Amtsgericht Hannover HRB 212612
Director Andreas Kühne

Company UK
Company No: 5218868
Registered in England and Wales
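The pitfalls Andreas lists (which generator the runtime actually picked, whether /dev/random is involved, and mixing in a second source) can all be checked from a small Java program. The following is an added example written for this thread; it is not EJBCA code and does not show how EJBCA itself seeds its generators. It reports the algorithm and provider behind `new SecureRandom()`, the `securerandom.source` security property and the `java.security.egd` system property that override it, the Linux kernel's entropy estimate from `/proc/sys/kernel/random/entropy_avail`, tries to obtain the `/dev/random`-backed `NativePRNGBlocking` variant that OpenJDK 8 and later register on Unix, and mixes extra seed bytes into the default generator with `SecureRandom.setSeed()`, which by its contract supplements rather than replaces the existing seed. The device path `/dev/hwrng` and the 32-byte read size are assumptions for illustration; the class name `EntropyCheck` and the helpers `describe`, `entropyAvailable` and `mixIn` are my own.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;

/**
 * Added example, not EJBCA code: inspect which SecureRandom the running JVM
 * hands out, read the kernel entropy estimate, and mix in a second seed source.
 */
public class EntropyCheck {

    /** Algorithm and provider of a SecureRandom, e.g. "NativePRNG from provider SUN". */
    static String describe(SecureRandom sr) {
        return sr.getAlgorithm() + " from provider " + sr.getProvider().getName();
    }

    /** Linux kernel entropy estimate in bits, or -1 when the file is absent (non-Linux host). */
    static long entropyAvailable() {
        Path p = Paths.get("/proc/sys/kernel/random/entropy_avail");
        try {
            String s = new String(Files.readAllBytes(p), StandardCharsets.US_ASCII).trim();
            return Long.parseLong(s);
        } catch (IOException | NumberFormatException e) {
            return -1;
        }
    }

    /**
     * Read nBytes from an independent source and feed them to sr.
     * SecureRandom.setSeed(byte[]) supplements the existing state rather than
     * replacing it, so a poor extra source cannot make the generator worse.
     * Returns false if the source is missing or runs dry.
     */
    static boolean mixIn(SecureRandom sr, Path source, int nBytes) {
        byte[] buf = new byte[nBytes];
        try (InputStream in = new FileInputStream(source.toFile())) {
            int off = 0;
            while (off < nBytes) {
                int n = in.read(buf, off, nBytes - off);
                if (n < 0) {
                    return false;            // source exhausted before nBytes
                }
                off += n;
            }
        } catch (IOException e) {
            return false;                    // source not present on this host
        }
        sr.setSeed(buf);
        return true;
    }

    public static void main(String[] args) {
        // What `new SecureRandom()` gives you depends on the JDK, the OS and on
        // securerandom.source in java.security (or -Djava.security.egd=... on the command line).
        SecureRandom def = new SecureRandom();
        System.out.println("default SecureRandom : " + describe(def));
        System.out.println("securerandom.source  : " + Security.getProperty("securerandom.source"));
        System.out.println("java.security.egd    : " + System.getProperty("java.security.egd"));
        System.out.println("kernel entropy_avail : " + entropyAvailable());

        // The /dev/random-backed variant must be requested by name (OpenJDK 8+ on Unix);
        // it is the one that can block on a starved virtual machine.
        try {
            SecureRandom blocking = SecureRandom.getInstance("NativePRNGBlocking");
            System.out.println("blocking variant     : " + describe(blocking));
        } catch (NoSuchAlgorithmException e) {
            System.out.println("NativePRNGBlocking not offered by this runtime");
        }

        // Mix 32 bytes from a second source into the default generator.
        // /dev/hwrng is an assumed hardware-RNG path; substitute your own trusted source.
        boolean mixed = mixIn(def, Paths.get("/dev/hwrng"), 32);
        System.out.println("mixed in /dev/hwrng  : " + mixed);

        byte[] keyMaterial = new byte[32];
        def.nextBytes(keyMaterial);
        System.out.println("drew " + keyMaterial.length + " bytes from the (re)seeded generator");
    }
}
```

Run it once with the plain JVM and once with `-Djava.security.egd=file:/dev/./urandom` (or with `securerandom.source` changed in `java.security`) on the same host to see the reported algorithm change; on a VM with a low `entropy_avail`, asking `NativePRNGBlocking` for bytes is where the stalls Andreas warns about show up, while the mixed-in seed only ever adds material to the generator's state.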