Rsa Key Pair Generation Time

On Sat, Jan 28, 2017 at 4:58 PM, Frank Migge
  1. Rsa Key Pairs

So I am wondering how this is adding up. In essence how much entropy and consequently time should a RSA keypair generation take on a moderns system. I am convinced there is no standard time, but surely it can be estimated in terms of 'less then 30 minutes' 'more then 10 seconds'. Given that there are storages of 'entropy' in the system.

Oct 05, 2007 Generating public keys for authentication is the basic and most often used feature of ssh-keygen. Ssh-keygen can generate both RSA and DSA keys. RSA keys have a minimum key length of 768 bits and the default length is 2048. When generating new RSA keys you should use at least 2048 bits of key length unless you really have a good reason for using a shorter and less secure key. Before I disclose the results, note that the first time I generated a key pair of this size was over 10 years ago. That process took more than a day. Scenario 1: 7 seconds to generate the key pair. Scenario 2: 4 seconds to generate the key pair. Don’t avoid generating key pairs because of the complexity or time involved.

<[hidden email]> wrote:
Hi Mithun,
>> I have a embedded board P1010 RDB running openssl on VXWORKS 5.4 .
>> I am generating RSA 2048 and 3072 bit key pairs.
>> I am providing entropy to openssl by using RAND_seed from a HW RNG.
Rsa key pair generation time table
>> My average generation time for RSA 2048 key pair is 2 Minutes and 3072 is 8 minutes.
I noticed embedded board key generation times vary by OS and OpenSSL version after converting a Altera Atlas FPGA SoC HPS from original 2013 Yocto Linux to latest Ubuntu. Under the old Yocto, key generation occasionally took up to 2 minutes. Same board under Ubuntu 16.04, 2048 RSA keys take consistently 2-5 seconds, while 3072 keys need around 8-16 seconds. Even running the system single core, the numbers don't change (on a low utilized system, using OS built-in /dev/urandom).
While I am on a different CPU and OS (32bit ARM v7 900Mhz dual core, 1GB 400Mhz RAM), your e500 PowerPC can't be to far behind. Your numbers seem to be off by a magnitude. You mentioned using a external HW RNG, could that be it?

Cheers,
Frank
Wednesday, January 25, 2017 1:10 AM
I'm afraid you will have to look at the OpenSSL source code, I haven't
paid much attention to that CPU recently.
Enjoy
Jakob
Monday, January 23, 2017 4:09 PM
Hi Jakob,
Can you please give me some reference/example of bignum optimization which I can check on powerpc architectures.

Rsa Key Pairs

Is this any specific instruction set addition? or something more generic?
Thanks & Regards

Wednesday, January 18, 2017 1:08 AM

I believe this is a CPU intensive operation (if VxWorks can do
this, try observing the CPU load during).
Potential improvements:
1. Check if the CPU specific bignum optimizations for your CPU
variant have been enabled via the libcrypto CPU detection code
(for example, there are optimizations for different ARM cortex
variants).
2. Faster CPU (expensive obviously).
3. Do the generation in the background before the keypair is
needed, at a time when the extra CPU load is less of a problem.
Enjoy
Jakob
Tuesday, January 17, 2017 3:44 PM
Hi
I have a embedded board P1010 RDB running openssl on VXWORKS 5.4 .
Example
I am providing entropy to openssl by using RAND_seed from a HW RNG.
My average generation time for RSA 2048 key pair is 2 Minutes and 3072 is 8 minutes.

Mithun

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users