000016299 - Improve performance when using Crypto-J version 4.1 onwards

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000016299
Applies To: RSA BSAFE Crypto-J version 4.1 and above, RSA BSAFE SSL-J version 5.1 onwards
Issue

Performance is better with Crypto-J 4.0 (SSL-J 5.0.2) than with Crypto-J 4.1 (SSL-J 5.1).

Cause

The default RNG was changed to ECDRBG128 in version 4.1.
Resolution

The following two methods are available for changing the RNG used:

1. Change the default RNG by setting the security property com.rsa.crypto.default.random.

The following are valid values for this security property:

  • ECDRBG
  • ECDRBG128
  • ECDRBG192
  • ECDRBG256
  • HMACDRBG
  • HMACDRBG128
  • HMACDRBG192
  • HMACDRBG256
  • FIPS186Random
  • FIPS186PRNG


2. Select an RNG other than ECDRBG when creating the RNG object, and set this object on the operation that requires random number generation (for example, key generation).


Notes

Users in FIPS 140-2 mode can select the FIPS 186-2, ECDRBG or HMAC DRBG RNG.
com.rsa.crypto.default.random should be set as a Security Property and not a System Property.
In SSL-J, create a SecureRandom object with an RNG other than ECDRBG, and pass it to the SSLContext.init method.
Legacy Article ID: a50785
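
The two methods and the SSL-J note above, combined in one sketch. This is an added example, not code from RSA or from the original article. It assumes that Crypto-J is registered under the provider name "JsafeJCE" and that the provider exposes each RNG under the same name as the property value; HMACDRBG128 is picked only as a sample value from the list.

```java
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.net.ssl.SSLContext;

public class SelectRng {
    // Assumptions (not stated in the article): provider name and RNG algorithm name.
    static final String PROVIDER = "JsafeJCE";
    static final String RNG = "HMACDRBG128"; // sample value from the list above

    public static void main(String[] args) throws Exception {
        // Method 1: set the default RNG as a Security property, before any
        // Crypto-J operation runs. A -D system property is a different mechanism.
        Security.setProperty("com.rsa.crypto.default.random", RNG);

        Provider p = Security.getProvider(PROVIDER);
        if (p == null) {
            System.err.println(PROVIDER + " is not registered in this JVM; "
                    + "add Crypto-J to the classpath and the provider list.");
            return;
        }

        // Method 2: create the RNG explicitly and pass it to the operation
        // that needs random numbers (here, key generation).
        SecureRandom rng = SecureRandom.getInstance(RNG, p);
        System.out.println("RNG in use: " + rng.getAlgorithm()
                + " from " + rng.getProvider().getName());

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
        kpg.initialize(2048, rng);
        kpg.generateKeyPair();

        // SSL-J note: the same SecureRandom is the third argument of SSLContext.init.
        // Which JSSE provider serves the context depends on the JVM's provider order.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, rng); // null managers select the installed defaults
        System.out.println("SSLContext provider: " + ctx.getProvider().getName());
    }
}
```

The same property can be set for every application on a JVM by adding the line com.rsa.crypto.default.random=HMACDRBG128 to the java.security file, which keeps it a Security property as the notes require.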
