Got it, thanks a lot. On Wed, Jun 30, 2010 at 5:08 PM, Martin Willi <[email protected]> wrote:
> > > ipsec pki --gen > caKey.der" on my device(PPC architecture), it takes > > about 15mins to generate out the RSA private key > > In the default configuration, the key is generated with random data > from /dev/random. If your kernel does not have enough entropy, the read > blocks. > If you prefer to generate your keys without real entropy, you can use > the non-blocking /dev/urandom device. Add > --with-random-device=/dev/urandom to ./configure. > > As alternative to the libgmp based key generation, you can use our other > crypto plugins, such as OpenSSL: > --disable-gmp --enable-opensssl > or libgcrypt: > --disable-gmp --enable-gcrypt > > OpenSSL should generate the keys faster, but with less entropy. > Libgcrypt by default reads from /dev/random and blocks, too. > > Regards > Martin > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
