3

I implemented boucnyCastle for fips complaint signature generation and verification, this worked fine on a windows environment but on a linux environment the code is stuck on keypair generation. Following is the code that i have written:

public static KeyPair generateKeyPair() throws GeneralSecurityException
{
    KeyPairGenerator keyPair = KeyPairGenerator.getInstance("RSA", "BCFIPS");
    keyPair.initialize(new RSAKeyGenParameterSpec(3072, RSAKeyGenParameterSpec.F4));
    return keyPair.generateKeyPair();
}

Bouncy Castle

Abdul Ahad
  • 188
  • 2
  • 14
  • 1
    What do you mean by "does not work" and "is stuck"? What happens? Do you get an error message? – Jesper Dec 13 '17 at 14:52
  • it gives no error and neither moves to the next line of the code, to be specific it is stuck on this "return keyPair.generateKeyPair();" – Abdul Ahad Dec 13 '17 at 14:57
  • Does your Linux system have enough entropy? https://wiki.archlinux.org/index.php/GnuPG#Not_enough_random_bytes_available – DragonAssassin Dec 13 '17 at 15:10
  • @DragonAssassin i increased my entropy limit to 4000 but still same problem prebiously it was some where around 200. – Abdul Ahad Dec 13 '17 at 15:39
  • @AbdulAhad It appears that Bouncy Castle uses alot of entropy.To get enough I had to install Haveged to generate artificial entropy. https://wiki.archlinux.org/index.php/Haveged – DragonAssassin Dec 13 '17 at 17:32
  • @DragonAssassin thank you, following your suggestion we fixed our problem using answer mentioned below. – Abdul Ahad Dec 14 '17 at 08:06

1 Answers1

4

First Check if rngd.service (Hardware RNG Entropy Gatherer Daemon) is running on your system. If you are using Virtual Machine then it will not be running and to fix it use the following link:

http://wiki.networksecuritytoolkit.org/index.php/HowTo_Fix_The_rngd.service

Second check if your system has enough entropy using command:

cat /proc/sys/kernel/random/entropy_avail

if Entropy of your system has not enough Entropy then increase it. you can use the following link:

https://redhatlinux.guru/index.php/2016/04/03/increase-system-entropy-on-rhel-centos-6-and-7/

Also Install Haveged on your system to generate artificial entropy. To install Haveged you can use the following link:

https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

Muhammad Hassan Manzoor
  • 56
  • 3