RSA key generation is time-nondeterministic. The reason why is because candidate prime pairs (generated from the random number generator) must both past primality and relative primality tests. If the tests fail, both are supposed to be discarded and the generation go back to step 1. If you're unlucky and get a lot of numbers that fail the tests, you're going to wait a long time.
EC takes a private key generated pretty much arbitrarily, and then calculates the public key from that. Its key generation process is much more time-deterministic. -Kyle H On 7/3/2014 12:46 AM, phildoch wrote: > I tested the generation of a certificate with a keypair RSA 4096 bit on two > different platforms. > > The openssl command I used is: > /openssl req -newkey rsa:4096 -keyout clientKey.pem -out clientReq.pem/ > > There was a huge difference in the time it took on each one of the > platforms. On a first Linux Station it took about 10 seconds. While in the > second Linux embedded board it took almost 2 minutes! > > Is the strength or efficiency of the processors the only way to explain the > difference of time? > > Is there a way to reduce the duration of the process? > > > > > -- > View this message in context: > http://openssl.6102.n7.nabble.com/Duration-of-rsa-key-generation-process-tp51673.html > Sent from the OpenSSL - User mailing list archive at Nabble.com. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org
smime.p7s
Description: S/MIME Cryptographic Signature
