[strongSwan] "ipsec pki --gen > caKey.der" very slow
macguffin.xia at gmail.com
Wed Jun 30 12:17:07 CEST 2010
Got it, thanks a lot.
On Wed, Jun 30, 2010 at 5:08 PM, Martin Willi <martin at strongswan.org> wrote:
> > ipsec pki --gen > caKey.der" on my device(PPC architecture), it takes
> > about 15mins to generate out the RSA private key
> In the default configuration, the key is generated with random data
> from /dev/random. If your kernel does not have enough entropy, the read
> If you prefer to generate your keys without real entropy, you can use
> the non-blocking /dev/urandom device. Add
> --with-random-device=/dev/urandom to ./configure.
> As alternative to the libgmp based key generation, you can use our other
> crypto plugins, such as OpenSSL:
> --disable-gmp --enable-opensssl
> or libgcrypt:
> --disable-gmp --enable-gcrypt
> OpenSSL should generate the keys faster, but with less entropy.
> Libgcrypt by default reads from /dev/random and blocks, too.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users