Generating a 4096-bit RSA key is way slower than 2048-bit using Jsch

Generating an RSA key requires finding two large, random prime numbers that satisfy certain criteria. Finding such primes is essentially a matter of picking random numbers and then checking if they are prime or not by performing certain tests. The Prime Number Theorem tells us that as prime numbers get bigger, they also get rarer so you have to generate more random numbers in order to find one that's prime. The checking to determine whether the number is prime also takes longer for bigger numbers.

All of the above factors contribute to the increased time it takes to generate larger keys, however this aside, it sounds like this library just isn't particularly fast. Using OpenSSL on a reasonably modern PC I can generate a 2048 bit key in ~1 second and a 4096 bit key in <10 seconds, so your times of 10 secs and 3-5 mins seems excessive. If performance is an issue, I'd suggest trying a different library, with the understanding than any library is going to be slower to generate big keys than smaller ones!

A bit late for an answer, but as the other answers are purely heuristic, here some background about why it takes so much longer:

The slowest part of an RSA key generation is usually the Fermat test, which has to be run for each prime candidate x and consists of checking if 2^{x-1} = 1 modulo x (using 2 can be made faster than using other bases). So how does the time needed for the Fermat tests depend on the bit-length of x?

1. The running time for multiplication is about quadratic in the bit-lengths of the factors, so doubling the length quadruples the time (that's for school multiplication; if you use Karatsuba, then its about tripling the time; for more sophistic multiplication methods the bit-lengths of RSA are too short).

2. The running time for a modular exponentiation is linear in the bit-length of the exponent.

3. The probability for a random n-bit number to be prime is 1:log(2^n), where log is the natural logarithm, i.e., it is 1:(n*log(2)).

So doubling the bit-length gives you a factor of 4 from (1) and twice a factor of 2 from (2) and (3) for the running time of the RSA key generation, so in total the running time for the Fermat tests go up by a factor of 16 (or 12 using Karatsuba).

As there are other parts of the key generation whose running times don't go up so quickly, so a factor of around 10, as indicated in the answer of by Iridium, is reasonable.