Default strength of RSA encryption
| DamonChong 2006-01-24, 7:58 am |
| Hi,
I have two questions relating to the keytool program bundled in the
standard SUN JDK v1.5.x. I am using this keytool program to generate a
server certificate with the RSA algorithm for my Tomcat engine. My
questions are firstly, does anyone know what is its default encryption
strength if we never specify the keysize? Secondly, I am not in the USA
but the JDK is downloaded from SUN, is its crypto strength limited by
export restriction on encryption software in the United States? In
other words, if I specify -keysize 1024, will keytool truly respect
this option?
Thank you very much.
Regards,
Damon
| |
| Mike Amling 2006-01-24, 7:06 pm |
| DamonChong wrote:
> Hi,
>
> I have two questions relating to the keytool program bundled in the
> standard SUN JDK v1.5.x. I am using this keytool program to generate a
> server certificate with the RSA algorithm for my Tomcat engine. My
> questions are firstly, does anyone know what is its default encryption
> strength if we never specify the keysize? Secondly, I am not in the USA
> but the JDK is downloaded from SUN, is its crypto strength limited by
> export restriction on encryption software in the United States? In
> other words, if I specify -keysize 1024, will keytool truly respect
> this option?
I suggest using the experimental method. Generate a default-length
keypair, and a keypair with -keysize 1024, and look at the length of the
generated moduli.
--Mike Amling
| |
| Roedy Green 2006-01-24, 7:06 pm |
| On Tue, 24 Jan 2006 18:06:08 GMT, Mike Amling <nospam@foobaz.com>
wrote, quoted or indirectly quoted someone who said :
> I suggest using the experimental method. Generate a default-length
>keypair, and a keypair with -keysize 1024, and look at the length of the
>generated moduli.
keytool.exe does not tell you what it is, but you can find out with keyman.
See http://mindprod.com/jgloss/keyman.html
My cert is 1024 bits. I don't recall ever doing anything special to
request extended strength. I live in Canada so Sun may have given it
to me automatically.
The law is silly. It does not stop anyone from using extra strength
encryption, it just ensures American companies won't provide it,
giving the business to foreign competitors. It is an anti-business
law, most peculiar.
It also hurts domestic sales of American encryption products. Why buy
something from a US company that works only in the USA when you can
buy from a competitor a product that works anywhere?
--
Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.
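Added example, not part of the original thread and not code from any poster: one way to carry out the experimental method suggested above, by loading the keystore that keytool wrote and printing the modulus length of each certificate's RSA public key. The class name `RsaKeySizeCheck` and the two command-line arguments are assumptions made for this illustration; run with no arguments it reports only the JCA provider's behaviour in the running JVM, which is not necessarily keytool's default.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;

// Hypothetical helper class for this example.
public class RsaKeySizeCheck {

    // The RSA key size is the bit length of the modulus n.
    static int modulusBits(PublicKey key) {
        if (key instanceof RSAPublicKey) {
            return ((RSAPublicKey) key).getModulus().bitLength();
        }
        return -1; // not an RSA key
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            // No keystore given: compare an uninitialized generator (provider
            // default) with one explicitly set to 1024 bits.
            KeyPairGenerator dflt = KeyPairGenerator.getInstance("RSA");
            System.out.println("provider default: "
                    + modulusBits(dflt.generateKeyPair().getPublic()) + " bits");
            KeyPairGenerator sized = KeyPairGenerator.getInstance("RSA");
            sized.initialize(1024);
            System.out.println("initialize(1024): "
                    + modulusBits(sized.generateKeyPair().getPublic()) + " bits");
            System.out.println("usage: java RsaKeySizeCheck <keystore> <storepass>");
            return;
        }
        // Load the keystore produced by keytool (args[0]) with its password (args[1]).
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert == null) continue; // entry without a certificate
            PublicKey pub = cert.getPublicKey();
            int bits = modulusBits(pub);
            System.out.println(alias + ": " + pub.getAlgorithm()
                    + (bits > 0 ? " " + bits + "-bit modulus" : " (not RSA)"));
        }
    }
}
```

Generate one keystore without -keysize and one with -keysize 1024, then run the class against each and compare the reported modulus lengths.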