Bouncy Castle for FIPS is not working on Linux virtual machine

I implemented Bouncy Castle for FIPS certificate generation. This worked fine on a physical Linux environment, but on a Linux virtual machine the code is stuck on key pair generation. Following is the code that I have written:

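import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;

// Generates a 2048-bit RSA key pair using the BCFIPS provider.
public static KeyPair generateKeyPair() throws GeneralSecurityException
{
    KeyPairGenerator keyPair = KeyPairGenerator.getInstance("RSA", "BCFIPS");
    keyPair.initialize(2048, new SecureRandom());
    return keyPair.generateKeyPair();
}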

I found a similar post but it's not working for me: Bouncy Castle not working on linux machine

Initially the current entropy value was 1700 (as per the steps given it should be 3000-4000). I tried the steps given and the entropy value increased to 2600 (as per the steps given it should be above 4000).

After that I tried generating the certificate and the issue was still there.

I tried increasing the threshold values with "kernel.random.read_wakeup_threshold = 4096" and "kernel.random.write_wakeup_threshold = 6144".

When I execute "sysctl -p", it throws an error:

sysctl: setting key "kernel.random.read_wakeup_threshold": Invalid argument
kernel.random.read_wakeup_threshold = 4096
sysctl: setting key "kernel.random.write_wakeup_threshold": Invalid argument
kernel.random.write_wakeup_threshold = 6144

I ran the "yum install haveged" command, and it says package haveged is already installed.

The haveged configuration looks fine:

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.977; avg=13.431; max=23.782)Mibits/s
rngtest: FIPS tests speed: (min=116.302; avg=143.533; max=147.856)Mibits/s
rngtest: Program run time: 1561023 microseconds

You might find the approach detailed in the second half of the BCFIPS user guide will work for you. Using the HYBRID configuration enables an entropy pool in the BouncyCastleFipsProvider which will help stretch out the available entropy in a compliant fashion.
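The HYBRID configuration mentioned in the answer above, as an added example that is not part of the original post or the Bouncy Castle documentation: it registers the provider with the HYBRID option, generates the same 2048-bit RSA key pair, and prints the kernel entropy estimate and elapsed time so a stall is visible. The class name `HybridKeyGenCheck` is hypothetical; the example assumes the bc-fips jar is on the classpath and that BCFIPS is not already registered in `java.security` with a different configuration string.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

public class HybridKeyGenCheck {   // hypothetical class name
    // Kernel entropy estimate, the figure the question reports as 1700 / 2600.
    static String entropyAvail() {
        try {
            return new String(Files.readAllBytes(
                Paths.get("/proc/sys/kernel/random/entropy_avail"))).trim();
        } catch (Exception e) {
            return "n/a";   // not Linux, or /proc is not readable
        }
    }

    static KeyPair generateKeyPair() throws GeneralSecurityException {
        // Register BCFIPS with the HYBRID option only if it is not registered
        // yet; a provider listed in java.security keeps the configuration
        // string given there, so set the option in that file instead.
        if (Security.getProvider("BCFIPS") == null) {
            Security.addProvider(new BouncyCastleFipsProvider("C:HYBRID;ENABLE{All};"));
        }
        // Take the DRBG from BCFIPS explicitly rather than new SecureRandom(),
        // which returns whatever the highest-priority provider supplies.
        SecureRandom random = SecureRandom.getInstance("DEFAULT", "BCFIPS");
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BCFIPS");
        generator.initialize(2048, random);
        return generator.generateKeyPair();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        System.out.println("entropy_avail before: " + entropyAvail());
        long start = System.nanoTime();
        KeyPair pair = generateKeyPair();
        long ms = (System.nanoTime() - start) / 1_000_000;
        System.out.println("generated " + pair.getPublic().getAlgorithm()
            + " key pair in " + ms + " ms");
        System.out.println("entropy_avail after: " + entropyAvail());
    }
}
```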
