Default strength of RSA encryption

D

DamonChong

Hi,

I have two questions relating to the keytool program bundled in the
standard SUN JDK v1.5.x. I am using this keytool program to generate a
server certificate with the RSA algorithm for my Tomcat engine. My
questions are firstly, does anyone know what is its default encryption
strength if we never specify the keysize? Secondly, I am not in the USA
but the JDK is downloaded from SUN, is its crypto strength limited by
export restriction on encryption software in the United States? In
another word, if I specify -keysize 1024, will keytool truly respect
this option?

Thank you very much.

Regards,
Damon
 
M

Mike Amling

DamonChong said:
Hi,

I have two questions relating to the keytool program bundled in the
standard SUN JDK v1.5.x. I am using this keytool program to generate a
server certificate with the RSA algorithm for my Tomcat engine. My
questions are firstly, does anyone know what is its default encryption
strength if we never specify the keysize? Secondly, I am not in the USA
but the JDK is downloaded from SUN, is its crypto strength limited by
export restriction on encryption software in the United States? In
another word, if I specify -keysize 1024, will keytool truly respect
this option?
Click to expand...

I suggest using the experimental method. Generate a default-length
keypair, and a keypair with -keysize 1024, and look at the length of the
generated moduli.

--Mike Amling
 
R

Roedy Green

I suggest using the experimental method. Generate a default-length
keypair, and a keypair with -keysize 1024, and look at the length of the
generated moduli.
Click to expand...

keytool.exe does not tell you what it is ,but you can out with keyman.

See http://mindprod.com/jgloss/keyman.html

my cert is 1024 bits. I don't recall ever doing anything special to
request extended strength. I live in Canada so Sun may have given it
to me automatically.

The law is silly. It does not stop anyone from using extra strength
encryption, it just ensures American companies won't provide it,
giving the business to foreign competitors. It is an anti-business
law, most peculiar.

It also hurts domestic sales of American encryption products. Why buy
something from a US company than works only in the USA where you can
buy from competitor a product that works anywhere?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SCJP 5.0 : 310-055 Sun Certified Programmer for the Java FREE Practice Tests Here 0
comp.lang.java.gui FAQ 0
comp.lang.java.gui FAQ 0
comp.lang.vhdl FAQ part 1 of 4: general 0
comp.lang.vhdl FAQ part 3 of 4: products & services 0
comp.lang.c Answers to Frequently Asked Questions (FAQ List) 15
comp.lang.vhdl FAQ part 4 of 4: glossary 0
comp.lang.c Answers to Frequently Asked Questions (FAQ List) 1

Members online

Total: 49 (members: 1, guests: 48)
Robots: 393

Forum statistics

Threads
473,995
Messages
2,570,236
Members
46,822
Latest member
israfaceZa

Latest Threads

Top