How Long Does It Take to Generate an Asymmetric Cryptography Key Pair?
This is part 3 of using Public Key Infrastructure (PKI) and Private Key Cryptography for your Windows Server 2012 environment.
Part 1: Selecting a Key Size for Your Root Certificate Server in Windows Server 2012 AD CS.
Part 2: Selecting a Cryptographic Key Provider in Windows Server 2012 AD CS.
In this post, we’ll look at the time involved to generate asymmetric key pars.
Many technologies use asymmetric, or public-private key cryptography today. If you’re using Public Key Infrastructure (PKI), IP Security (IPSec), virtual private networking (VPN), or even a secure web site that supports SSL, you’re using asymmetric key cryptography.
At the outset, asymmetric key cryptography was devised as an infrequent-use solution because of two important limitations:
- Creating an asymmetric key pair is mathematically intensive
- Asymmetric key cryptography is not efficient on large amounts of data
It is this first limitation that I’m addressing in this blog.
In brief, generating a useful key pair today is a nearly trivial operation that takes very little time and resources.
Timing Key Generation
To dispel this myth I used two scenarios:
- Windows Server 2012 Active Directory Certificate Services generating a 2048-bit RSA key for a self-signed certificate. This is on a single-CPU server with 2048MB of RAM running inside VMware.
- OpenSSL generating a similar 2048-bit RSA key on an Intel i7 3.6Ghz with 32MB of RAM.
I chose these two scenarios because of their diversity. The first is a more common IT scenario with limited resources and the test is being run inside a guest operating system with its associated resource overhead. The second is a streamlined command-line geek-centric approach that should be significantly faster.
Before I disclose the results, note that the first time I generated a key pair of this size was over 10 years ago. That process took more than a day.
- Scenario 1: 7 seconds to generate the key pair.
- Scenario 2: 4 seconds to generate the key pair.
Conclusion
Don’t avoid generating key pairs because of the complexity or time involved. Even with relatively limited resources, today’s technology makes short work of key generation.
If you want more Windows PKI articles please be sure to drop me a comment.
Take care!
Mike Danseglio -CISSP / CEH
Interface Technical Training – Technical Director and Instructor
Configuring Windows Mobility Center and How to Turn it On and Off
Video transcription Steve Fullmer: In our Windows training courses, we often share information about the Windows 8.1 Mobility Center. Mobility Center was introduced for mobile and laptop devices in Windows 7. It’s present and somewhat enhanced in Windows 8. Since we don’t have mobile devices in our classrooms, I decided to take a little bit … Continue reading Configuring Windows Mobility Center and How to Turn it On and Off
Agile Methodology in Project Management
In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management
Creating Users and Managing Passwords in Microsoft Office 365
In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365. For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365
Write a Comment
