> ipsec pki --gen > caKey.der" on my device(PPC architecture), it takes > about 15mins to generate out the RSA private key
In the default configuration, the key is generated with random data from /dev/random. If your kernel does not have enough entropy, the read blocks. If you prefer to generate your keys without real entropy, you can use the non-blocking /dev/urandom device. Add --with-random-device=/dev/urandom to ./configure. As alternative to the libgmp based key generation, you can use our other crypto plugins, such as OpenSSL: --disable-gmp --enable-opensssl or libgcrypt: --disable-gmp --enable-gcrypt OpenSSL should generate the keys faster, but with less entropy. Libgcrypt by default reads from /dev/random and blocks, too. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
