A certificate with a very large RSA key

A certificate with a very large RSA key – 16384 bits

A certificate embeds a public key, one key of a pair of keys. The strength of a cryptographic key depends a lot on the size of the key and the algorithm used for it. For RSA keys, no certificate authority allows smaller keys than 2048 bits today (Feb 2015).

When setting up a connection, the client challenges the server. The server takes the challenge text, a nonce, and encrypts it with the private key that matches the public key in the certificate. The client takes the encrypted information and decrypts the nonce. This process uses the keys twice – once for encryption and once for decryption.

In this test, the keys are huge. The connection setup will take more time than an ordinary TLS connection setup. Test this to see how your client reacts to the keys and how long the connection setup takes. Will the user believe the connection is lost while waiting? Does the client user interface indicate what’s going on?
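To get a feel for why a 16384-bit key slows the connection setup, the following added example (not part of the original page) times the modular exponentiation behind an RSA operation at several key sizes. It assumes the common public exponent 65537, uses random odd integers as constructed stand-ins for real keys, and skips the CRT speed-up that real TLS stacks apply, so only the growth with key size is meaningful, not the absolute numbers.

```python
import secrets
import time

PUBLIC_EXPONENT = 65537  # assumption: the usual RSA public exponent


def random_odd(bits):
    """Constructed stand-in for an RSA value: random odd integer, top bit set."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def time_modexp(base, exponent, modulus, rounds=1):
    """Best wall-clock time in seconds for pow(base, exponent, modulus)."""
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        pow(base, exponent, modulus)
        best = min(best, time.perf_counter() - start)
    return best


def measure(bits):
    """Time one public-key and one private-key sized operation for a key size."""
    n = random_odd(bits)              # stand-in modulus
    d = random_odd(bits)              # private exponents are about as long as n
    m = secrets.randbelow(n - 2) + 2  # stand-in message / nonce
    return {
        "bits": bits,
        "public_s": time_modexp(m, PUBLIC_EXPONENT, n, rounds=3),
        "private_s": time_modexp(m, d, n),
    }


def compare(sizes=(2048, 4096, 8192, 16384)):
    """Measure every key size in `sizes`, smallest first."""
    return [measure(bits) for bits in sizes]


if __name__ == "__main__":
    rows = compare()
    baseline = rows[0]["private_s"]
    for row in rows:
        print(f"{row['bits']:>6} bits  "
              f"public {row['public_s'] * 1e3:9.3f} ms  "
              f"private {row['private_s'] * 1e3:10.1f} ms  "
              f"({row['private_s'] / baseline:6.1f}x the smallest key)")
```

The private-key column is the work the server does for each new connection; the public-key column is the client's share, which grows far more slowly because the public exponent stays short.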

 

 
