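I implemented Bouncy Castle for FIPS certificate generation. This works fine in a physical Linux environment, but on a Linux virtual machine the code gets stuck at key pair generation. Here is the code I wrote: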
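
    import java.security.GeneralSecurityException;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.SecureRandom;

    public static KeyPair generateKeyPair() throws GeneralSecurityException
    {
        // RSA generator from the Bouncy Castle FIPS provider ("BCFIPS")
        KeyPairGenerator keyPair = KeyPairGenerator.getInstance("RSA", "BCFIPS");
        keyPair.initialize(2048, new SecureRandom());
        // This is the call that hangs on the virtual machine
        return keyPair.generateKeyPair();
    }
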
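I found a similar post, but it did not work for me: Bouncy Castle not working on linux machine
Initially the current entropy value was 1700 (according to the given steps it should be 3000-4000). I tried the given steps and the entropy value increased to 2600 (according to the given steps it should be above 4000).
After that I tried generating the certificate, and the problem is still there.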
I tried increasing the thresholds with "kernel.random.read_wakeup_threshold = 4096" and "kernel.random.write_wakeup_threshold = 6144".
When I run "sysctl -p", it throws an error:

    sysctl: setting key "kernel.random.read_wakeup_threshold": Invalid argument
    kernel.random.read_wakeup_threshold = 4096
    sysctl: setting key "kernel.random.write_wakeup_threshold": Invalid argument
    kernel.random.write_wakeup_threshold = 6144

I ran the "yum install haveged" command, and it reported that the package is already installed.
The haveged configuration looks fine:

    rngtest: starting FIPS tests...
    rngtest: bits received from input: 20000032
    rngtest: FIPS 140-2 successes: 1000
    rngtest: FIPS 140-2 failures: 0
    rngtest: FIPS 140-2(2001-10-10) Monobit: 0
    rngtest: FIPS 140-2(2001-10-10) Poker: 0
    rngtest: FIPS 140-2(2001-10-10) Runs: 0
    rngtest: FIPS 140-2(2001-10-10) Long run: 0
    rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
    rngtest: input channel speed: (min=1.977; avg=13.431; max=23.782)Mibits/s
    rngtest: FIPS tests speed: (min=116.302; avg=143.533; max=147.856)Mibits/s
    rngtest: Program run time: 1561023 microseconds