[strongSwan] "ipsec pki --gen > caKey.der" very slow
martin at strongswan.org
Wed Jun 30 11:08:41 CEST 2010
> ipsec pki --gen > caKey.der" on my device(PPC architecture), it takes
> about 15mins to generate out the RSA private key
In the default configuration, the key is generated with random data
from /dev/random. If your kernel does not have enough entropy, the read
If you prefer to generate your keys without real entropy, you can use
the non-blocking /dev/urandom device. Add
--with-random-device=/dev/urandom to ./configure.
As alternative to the libgmp based key generation, you can use our other
crypto plugins, such as OpenSSL:
OpenSSL should generate the keys faster, but with less entropy.
Libgcrypt by default reads from /dev/random and blocks, too.
More information about the Users