Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / January 2006

Tip: Looking for answers? Try searching our database.

Default strength of RSA encryption

Thread view: 
Enable EMail AlertsStart New Thread
DamonChong - 24 Jan 2006 10:26 GMT
Hi,

I have two questions relating to the keytool program bundled in the
standard SUN JDK v1.5.x. I am using this keytool program to generate a
server certificate with the RSA algorithm for my Tomcat engine. My
questions are firstly, does anyone know what is its default encryption
strength if we never specify the keysize? Secondly, I am not in the USA
but the JDK is downloaded from SUN, is its crypto strength limited by
export restriction on encryption software in the United States? In
another word, if I specify -keysize 1024, will keytool truly respect
this option?

Thank you very much.

Regards,
Damon
Reply to this Message
Mike Amling - 24 Jan 2006 18:06 GMT
> Hi,
>
[quoted text clipped - 7 lines]
> another word, if I specify -keysize 1024, will keytool truly respect
> this option?

  I suggest using the experimental method. Generate a default-length
keypair, and a keypair with -keysize 1024, and look at the length of the
generated moduli.

--Mike Amling
Reply to this Message
Roedy Green - 24 Jan 2006 20:09 GMT
>   I suggest using the experimental method. Generate a default-length
>keypair, and a keypair with -keysize 1024, and look at the length of the
>generated moduli.

keytool.exe does not tell you what it is ,but you can out with keyman.

See http://mindprod.com/jgloss/keyman.html

my cert is 1024 bits.  I don't recall ever doing anything special to
request extended strength. I live in Canada so Sun may have given it
to me automatically.

The law is silly. It does not stop anyone from using extra strength
encryption, it just ensures American companies won't provide it,
giving the business to foreign competitors. It is an anti-business
law, most peculiar.

It also hurts domestic sales of American encryption products.  Why buy
something from a US company than works only in the USA where you can
buy from competitor a product that works anywhere?

Signature

Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.

Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.