How Long Does It Take to Generate an Asymmetric Cryptography Key Pair?
This is part 3 of using Public Key Infrastructure (PKI) and Private Key Cryptography for your Windows Server 2012 environment.
Part 1: Selecting a Key Size for Your Root Certificate Server in Windows Server 2012 AD CS.
Part 2: Selecting a Cryptographic Key Provider in Windows Server 2012 AD CS.
In this post, we’ll look at the time involved to generate asymmetric key pars.
Many technologies use asymmetric, or public-private key cryptography today. If you’re using Public Key Infrastructure (PKI), IP Security (IPSec), virtual private networking (VPN), or even a secure web site that supports SSL, you’re using asymmetric key cryptography.
At the outset, asymmetric key cryptography was devised as an infrequent-use solution because of two important limitations:
- Creating an asymmetric key pair is mathematically intensive
- Asymmetric key cryptography is not efficient on large amounts of data
It is this first limitation that I’m addressing in this blog.
In brief, generating a useful key pair today is a nearly trivial operation that takes very little time and resources.
Timing Key Generation
To dispel this myth I used two scenarios:
- Windows Server 2012 Active Directory Certificate Services generating a 2048-bit RSA key for a self-signed certificate. This is on a single-CPU server with 2048MB of RAM running inside VMware.
- OpenSSL generating a similar 2048-bit RSA key on an Intel i7 3.6Ghz with 32MB of RAM.
I chose these two scenarios because of their diversity. The first is a more common IT scenario with limited resources and the test is being run inside a guest operating system with its associated resource overhead. The second is a streamlined command-line geek-centric approach that should be significantly faster.
Before I disclose the results, note that the first time I generated a key pair of this size was over 10 years ago. That process took more than a day.
- Scenario 1: 7 seconds to generate the key pair.
- Scenario 2: 4 seconds to generate the key pair.
Conclusion
Don’t avoid generating key pairs because of the complexity or time involved. Even with relatively limited resources, today’s technology makes short work of key generation.
If you want more Windows PKI articles please be sure to drop me a comment.
Take care!
Mike Danseglio -CISSP / CEH
Interface Technical Training – Technical Director and Instructor
Using Navigation Controls in a Collaboration Site in SharePoint
In this SharePoint training video, I want to talk about the Navigation Controls in SharePoint. They tend to fall into two kind of different categories; one with the navigation controls in a typical Collaboration Site such as a Team Site or a Project Site. These are Sites that are based on the Team Site Template … Continue reading Using Navigation Controls in a Collaboration Site in SharePoint
How to Use SharePoint Navigation Controls in a Publishing Site
For more SharePoint training videos in this series, see: Part 1 – Using Navigation Controls in a Collaboration Site in SharePoint Part 2 – » Using Navigation Controls in a Publishing Site in SharePoint « Part 3 – Configuring SharePoint Navigation in a Publishing Site – Activating the Publishing Feature Part 4 – How to Configure Navigation in SharePoint … Continue reading How to Use SharePoint Navigation Controls in a Publishing Site
How to Configure Navigation in SharePoint Publishing Sites
For more SharePoint training videos in this series, see: Part 1 – Using Navigation Controls in a Collaboration Site in SharePoint Part 2 – Using Navigation Controls in a Publishing Site in SharePoint Part 3 – Configuring SharePoint Navigation in a Publishing Site – Activating the Publishing Feature Part 4 – » How to Configure Navigation in … Continue reading How to Configure Navigation in SharePoint Publishing Sites
Write a Comment
