Re: [Ejbca-develop] More on 4096 bit keys

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

In the released 3.0 there is a JBoss tuning that is supposed to increase 
timeout. It probably only works on versions > 3.2.4 though. The problem 
with command-line is Sun-Java related though.

>openssl genrsa -des3 -out ca.key 4096

Did you use different keysize in 1, 2, 3 and 4?

/Tomas

Ken Gunderson wrote:

>On Monday 07 June 2004 12:47 am, Tomas Gustavsson wrote:
>  
>
>>You don't say whan 1, 2, 3 and 4 below means?
>>Note though, that EJBCA creates two keypairs when creating a new CA,
>>so longer time than generating a single keypari is expected.
>>    
>>
>
>You're correct in that it wasn't an "even" test.  I created some OpenSSL 
>generated 4096 bit keys to provide general feel.  Once the keys are 
>made, singing the cert part is trivial.  
>
>I ran a small in house CA once using OpenSSL on a 300 MHz Celeron 
>machine and could use 4096 bit keys, so I don't think this is strictly 
>a hardware horsepower issue, despite that the Xeon machine can handle 
>it while the PIII cannot.  Suspect it has something to do with 
>additinal time required for entroy gathering and key generation 
>resulting in a Java timeout.  I'm not a Java programmer though, so I 
>could be way off base here.  I also don't have a subscription to the 
>JBoss docs.  Maybe there is some config variable that needs tuning to 
>allow for longer time?
>
>  
>