Quote:
Originally Posted by mirek_adept
Then I use easyrsa build-ca. This step takes a short time (up to one second). One of the next steps is easyrsa gen-dh. It takes about 3 minutes. I think it is OK, but why is easyrsa build-ca such a fast operation?
For RSA of size 2048 bit (for example), you just need two random primes of size 1024. For DH of size 2048, you need a random prime of size 2048 and a corresponding generator with a prime order. So for DH you need to generate larger primes, and you might need to throw away some primes that don't have the right properties.
Although really, for DH you can just use pre-generated standard domains, e.g., https://tools.ietf.org/html/rfc3526.
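The difference described in the reply above can be measured by counting how many random candidates each search discards. This is an added example, not part of the original posts; it assumes the "right properties" mean a safe prime p = 2q + 1 (what OpenSSL's dhparam generates by default), and it scales the sizes down to 128/256 bits so that pure Python finishes quickly.

```python
import random
def is_probable_prime(n, rng, rounds=20):
    # Miller-Rabin: a prime always passes; a composite slips through with odds <= 4**-rounds.
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_odd(bits, rng):
    # Random odd integer with the top bit set, so it is exactly `bits` bits long.
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1

def gen_prime(bits, rng):
    # RSA-style search: accept the first prime found. Returns (prime, candidates tried).
    tries = 0
    while True:
        tries += 1
        p = random_odd(bits, rng)
        if is_probable_prime(p, rng):
            return p, tries

def gen_safe_prime(bits, rng):
    # DH-style search (assumed): q and p = 2q + 1 must both be prime, so most primes q are discarded.
    tries = 0
    while True:
        tries += 1
        q = random_odd(bits - 1, rng)
        if is_probable_prime(q, rng) and is_probable_prime(2 * q + 1, rng):
            return 2 * q + 1, tries

if __name__ == "__main__":
    rng = random.Random(2048)  # constructed fixed seed for a repeatable demo; real keys need a CSPRNG
    print("128-bit prime, candidates tried:", gen_prime(128, rng)[1])
    print("256-bit safe prime, candidates tried:", gen_safe_prime(256, rng)[1])
```

The 128-bit prime stands in for one of the two half-size RSA primes and the 256-bit safe prime for a DH modulus of the full size; at 1024 and 2048 bits the same two effects (larger numbers, stricter acceptance condition) apply.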