Hi Ritesh,
Thank you for your information. I will answer your questions one by one.
There is no specific reason to use such a long RSA key, but can't we use a key of that length for a secure connection?
The bigger the RSA key, the more secure the operation is. However, the bigger the key is, the longer it takes to do the mathematical operations it requires. In your previous comment, you mentioned you are using a 1250 byte key. This is more than an 8192 bit key size, which is highly secure, but long in processing time. In your citation, you mention a 2048 bit key size, so it puzzles me you are
If not, then would you please suggest a recommended RSA key size to use for a secure connection?
It is better that you consult with your security experts regarding the key size you should be using, according to your threat model. However, in my view it is enough to use a 4096 bit key size for your RSA operations.
What is the difference between RSA and ECDHE keys, as I don't know the difference between them? Can we use an ECDHE key in place of an RSA key?
ECDHE is Elliptic Curve Ephemeral Diffie-Hellman key exchange. ECC keys are shorter in length than RSA keys of the same security strength. You can see in the table here that the same security strength as an RSA 7680 bit key size is a 384 bit key size for ECC.
However, from your description in your last comment, you are not using a key exchange algorithm, but a hybrid solution, which uses RSA to encrypt a symmetric key, and then uses that key in the operation. ECC is not used for encryption, but only for key exchange and signature verification operations, so you cannot use ECC for your solution.
At first, I was under the assumption you were asking about TLS negotiation. Is there a reason why you aren't securing the connection with TLS, but with your own solution, as mentioned in your citation: "Although other authentication strategies are possible, they are out of scope of this section."?
If you must use this hybrid solution, then I would recommend using a shorter key size. If a 2048 bit key size is enough for your endpoint authentication, according to your link, then why are you using a 1250 byte key?
Regards,
Mbed TLS Team member
Ron
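The reply above makes two points worth seeing with numbers: a 1250 byte RSA key is a 10000 bit modulus, and RSA private-key cost grows steeply with modulus size while the security strength gained above a few thousand bits is modest compared with ECC at 384 bits. The following is an added example, not code from this thread or from the Mbed TLS project. It assumes the comparable-strength table from NIST SP 800-57 Part 1 (the table the reply refers to is assumed to be this one), a cubic cost model for modular exponentiation, and a timing routine that uses random odd moduli (not real RSA keys, since only operand size matters for the timing):

```python
import secrets
import time

# Comparable security strengths in bits, following NIST SP 800-57 Part 1
# (assumed source of "the table" in the reply). Each row is the smallest
# key size that reaches the listed strength.
RSA_STRENGTH = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]
ECC_STRENGTH = [(512, 256), (384, 192), (256, 128), (224, 112), (160, 80)]


def _strength(table, bits):
    """Return the strength of the largest row whose minimum the key size reaches."""
    for min_bits, strength in table:
        if bits >= min_bits:
            return strength
    return 0  # below every listed row: not acceptable for new designs


def rsa_security_strength(modulus_bits):
    return _strength(RSA_STRENGTH, modulus_bits)


def ecc_security_strength(key_bits):
    return _strength(ECC_STRENGTH, key_bits)


def bytes_to_bits(key_bytes):
    """Key lengths quoted in bytes (the 1250 in the thread) are 8x in bits."""
    return key_bytes * 8


def relative_private_op_cost(modulus_bits, baseline_bits=2048):
    """Rough cost of an RSA private-key operation relative to a baseline.

    Exponentiation with a full-size private exponent takes on the order of
    modulus_bits squarings, each quadratic in the modulus size, so the total
    grows roughly with the cube of the key length. This is a model (an
    assumption of this example), not a measurement; see time_modexp().
    """
    return (modulus_bits / baseline_bits) ** 3


def time_modexp(modulus_bits, trials=3):
    """Measure one modular exponentiation of the given size, in seconds.

    Constructed for timing only: the modulus is a random odd number, not a
    product of two primes, so this is NOT a usable RSA key. The cost of
    pow() depends on operand sizes, which is what we want to observe.
    """
    n = secrets.randbits(modulus_bits) | (1 << (modulus_bits - 1)) | 1
    d = secrets.randbits(modulus_bits) | 1  # full-size private exponent
    c = secrets.randbelow(n)
    start = time.perf_counter()
    for _ in range(trials):
        pow(c, d, n)
    return (time.perf_counter() - start) / trials


def compare_key_sizes(sizes, measure=False):
    """Tabulate strength and modelled (optionally measured) cost per size."""
    rows = []
    for bits in sizes:
        row = {
            "rsa_bits": bits,
            "strength": rsa_security_strength(bits),
            "model_cost_vs_2048": round(relative_private_op_cost(bits), 1),
        }
        if measure:
            row["seconds"] = time_modexp(bits)
        rows.append(row)
    return rows


if __name__ == "__main__":
    sizes = [2048, 3072, 4096, 7680, bytes_to_bits(1250)]
    for row in compare_key_sizes(sizes, measure=True):
        print(row)
    # ECC reaches 192-bit strength at 384 bits, where RSA needs 7680 bits.
    print("ECC 384-bit strength:", ecc_security_strength(384))
```

Running the script shows the 10000 bit modulus landing in the same 192-bit row as RSA 7680 (and ECC 384) while its modelled private-key cost is over a hundred times that of RSA 2048; the measured timings track the model closely enough to make the processing-time concern in the reply concrete.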