java BouncyCastleProvider long time run

Question

I have added bcprov-jdk15on-1.58.jar file in Eclipse project - Java Build Path -> Libraries...

I have a problem: when I run the main class it is running too long time and not doing anything, but javaw.exe in task manager is using 25% of CPU. in my code below the process is printing 3 (main method) and waiting for this => kpg.genKeyPair(), which is not ending;

Can someone explain why is this happening and how to fix it?

package dhcrypto;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Security;


import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class MyMain {

public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, InvalidKeyException{

    Security.addProvider(new BouncyCastleProvider());
    System.out.println("1");

    KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH","BC");
    System.out.println("2");

    kpg.initialize(2048);
    System.out.println("3");

    KeyPair kp = kpg.genKeyPair();      
    System.out.println("4");

    PublicKey userPublicKey = kp.getPublic();       
    System.out.println("5");

    System.out.println("Public Key: "+userPublicKey);
}

}

Answer 1

I got a solution and to understand that you need to have a little knowledge about DH algorithm.

It runs in fraction of seconds now !!!!!!!

Please refer to this stackexchange link : https://security.stackexchange.com/questions/45963/diffie-hellman-key-exchange-in-plain-english

Refer to point "1." in that link, you have to come up with 2 prime numbers, and thats what I did in your program.

Hope this helps you.

package test;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;

import javax.crypto.spec.DHParameterSpec;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class MyMain {

public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, InvalidKeyException{

    BigInteger g512 = BigInteger.valueOf(2);

    final byte skip1024ModulusBytes[] = { (byte) 0xF4,
        (byte) 0x88, (byte) 0xFD, (byte) 0x58, (byte) 0x4E, (byte) 0x49,
        (byte) 0xDB, (byte) 0xCD, (byte) 0x20, (byte) 0xB4, (byte) 0x9D,
        (byte) 0xE4, (byte) 0x91, (byte) 0x07, (byte) 0x36, (byte) 0x6B,
        (byte) 0x33, (byte) 0x6C, (byte) 0x38, (byte) 0x0D, (byte) 0x45,
        (byte) 0x1D, (byte) 0x0F, (byte) 0x7C, (byte) 0x88, (byte) 0xB3,
        (byte) 0x1C, (byte) 0x7C, (byte) 0x5B, (byte) 0x2D, (byte) 0x8E,
        (byte) 0xF6, (byte) 0xF3, (byte) 0xC9, (byte) 0x23, (byte) 0xC0,
        (byte) 0x43, (byte) 0xF0, (byte) 0xA5, (byte) 0x5B, (byte) 0x18,
        (byte) 0x8D, (byte) 0x8E, (byte) 0xBB, (byte) 0x55, (byte) 0x8C,
        (byte) 0xB8, (byte) 0x5D, (byte) 0x38, (byte) 0xD3, (byte) 0x34,
        (byte) 0xFD, (byte) 0x7C, (byte) 0x17, (byte) 0x57, (byte) 0x43,
        (byte) 0xA3, (byte) 0x1D, (byte) 0x18, (byte) 0x6C, (byte) 0xDE,
        (byte) 0x33, (byte) 0x21, (byte) 0x2C, (byte) 0xB5, (byte) 0x2A,
        (byte) 0xFF, (byte) 0x3C, (byte) 0xE1, (byte) 0xB1, (byte) 0x29,
        (byte) 0x40, (byte) 0x18, (byte) 0x11, (byte) 0x8D, (byte) 0x7C,
        (byte) 0x84, (byte) 0xA7, (byte) 0x0A, (byte) 0x72, (byte) 0xD6,
        (byte) 0x86, (byte) 0xC4, (byte) 0x03, (byte) 0x19, (byte) 0xC8,
        (byte) 0x07, (byte) 0x29, (byte) 0x7A, (byte) 0xCA, (byte) 0x95,
        (byte) 0x0C, (byte) 0xD9, (byte) 0x96, (byte) 0x9F, (byte) 0xAB,
        (byte) 0xD0, (byte) 0x0A, (byte) 0x50, (byte) 0x9B, (byte) 0x02,
        (byte) 0x46, (byte) 0xD3, (byte) 0x08, (byte) 0x3D, (byte) 0x66,
        (byte) 0xA4, (byte) 0x5D, (byte) 0x41, (byte) 0x9F, (byte) 0x9C,
        (byte) 0x7C, (byte) 0xBD, (byte) 0x89, (byte) 0x4B, (byte) 0x22,
        (byte) 0x19, (byte) 0x26, (byte) 0xBA, (byte) 0xAB, (byte) 0xA2,
        (byte) 0x5E, (byte) 0xC3, (byte) 0x55, (byte) 0xE9, (byte) 0x2F,
        (byte) 0x78, (byte) 0xC7 };

     BigInteger p512 = new BigInteger(1, skip1024ModulusBytes);


    Security.addProvider(new BouncyCastleProvider());
    System.out.println("1");
    DHParameterSpec dhParams = new DHParameterSpec(p512, g512);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH","BC");

    kpg.initialize(dhParams, new SecureRandom());
    System.out.println("2");

    kpg.initialize(2048);
    System.out.println("3");

    KeyPair kp = kpg.genKeyPair();      
    System.out.println("4");

    PublicKey userPublicKey = kp.getPublic();       
    System.out.println("5");

    System.out.println("Public Key: "+userPublicKey);
}

}

Answer 2

I worked on something similar like this so I came across below link at that time. I had took reference to answer your question why its happening.

Please visit the actual question from link in the end of my answer, may be that can help you in better way

I will try to give you a code snippet to generate random key pair with some another algorithm but same could be a better and faster solution for you, if you are in real hurry to work on this.

First of all, although Java is certainly fast with regards to business logic, optimized C code (with assembly where it counts) will blow it out of the water when it comes to cryptography. Java will use BigInteger to perform these calculations, and BigInteger - as far as I know - does not contain a native optimized Montgomery multiplier. Scripting languages generally are much worse than Java unless they call native code.

Java also needs time to optimize byte code. That means it runs faster if it is called multiple times. So you need to at least call one key gen before to see what happens if such a method is called multiple times in your application. In this case the runtime may be so high that it is already able to optimize - that depends on the VM.

So the actual random number generator implementation used makes a lot of difference - especially if the random number generator can block if not enough entropy is available. So play around with the random number generators available until you find one that is fast and secure enough.

Finding a prime of a certain length is a process that doesn't have a designated runtime. A very large number is picked (in this case about 2048 bits in size) and start testing if the subsequent numbers are prime. This is what hammers your CPU. So you need to calculate the average runtime of generating prime - in case you are generating a lot of them - or you will have to live with the uncertainty about the time it takes.

If you want to have a faster way of generating key pairs you can do a few things:

1. obtain a native implementation of a Java Provider that does this for you
2. switch to another algorithm for which key pair generation is fast, such as Elliptic Curve Cryptography
3. generate the keys using openssl and just import/use them in your Java application

Usually though you would need to fix the protocol instead of the key pair generator.

Ref : Why KeyPairGenerator.genKeyPair() so slow