On Tue, Jan 17, 2012 at 1:32 PM, Magosányi Árpád <m...@magwas.rulez.org> wrote:
> My application uses openssl-fips for random number generation, where the
> seeding has to have at least 100 bits of entropy coming from a hardware
> random generator which is certified either to FIPS or CC EAL4. Due to
> economy we want to use a USB token and not a full-featured HSM.
> I have two questions on that:
> 1. (yes, I realise that RTFM, but which one?): How should I/can I seed 100
> bits of entropy into the openssl-fips RNG? What is the function call for
> this?
http://www.openssl.org/docs/crypto/RAND_add.html

> 2. Any hint on which USB token is suitable for this? (I guess needing to
> call the rng more than once to gather the necessary entropy is ok).
I have an EntropyKey (http://www.entropykey.co.uk/). Inexpensive and
works out of the box with a number of Linux distros, including Ubuntu
and Fedora (I don't know about others such as CentOS). No Windows
drivers, though.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
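
Added example, not part of the original thread: a sketch of seeding OpenSSL with at least 100 bits from a hardware source through Python's `ssl.RAND_add`, which wraps the C `RAND_add(buf, num, entropy)` call from the linked manual page and takes the entropy estimate in bytes, as that page specifies. The `ShortReadSource` class, the helper names and the `bits_per_byte` derating parameter are assumptions made for illustration, `os.urandom` stands in for the token's output, and nothing here covers FIPS-module specifics.

```python
import math
import os
import ssl

REQUIRED_BITS = 100  # seeding requirement stated in the question


class ShortReadSource:
    """Constructed stand-in for a token: returns at most `chunk` bytes per read."""

    def __init__(self, data, chunk=3):
        self._data, self._chunk = data, chunk

    def read(self, n):
        out = self._data[:min(n, self._chunk)]
        self._data = self._data[len(out):]
        return out


def bytes_needed(required_bits, bits_per_byte=8.0):
    """Raw bytes to read so the credited entropy reaches required_bits."""
    if not 0 < bits_per_byte <= 8:
        raise ValueError("bits_per_byte must be in (0, 8]")
    return math.ceil(required_bits / bits_per_byte)


def read_exact(source, n):
    """Loop until n bytes arrive; fail instead of seeding with a short buffer."""
    buf = bytearray()
    while len(buf) < n:
        chunk = source.read(n - len(buf))
        if not chunk:
            raise EOFError(f"source returned {len(buf)} of {n} bytes")
        buf += chunk
    return bytes(buf)


def seed_openssl(source, required_bits=REQUIRED_BITS, bits_per_byte=8.0):
    """Feed hardware output to OpenSSL; returns (bytes read, bytes credited)."""
    n = bytes_needed(required_bits, bits_per_byte)
    data = read_exact(source, n)
    credited = n * bits_per_byte / 8.0  # RAND_add's estimate is in BYTES, not bits
    ssl.RAND_add(data, credited)
    return n, credited


if __name__ == "__main__":
    # os.urandom stands in for the token's output in this demo.
    print(seed_openssl(ShortReadSource(os.urandom(64))))
    print("RAND_status:", ssl.RAND_status())
```

With full-entropy output, 100 bits rounds up to 13 bytes; crediting a source at only 4 bits per byte makes the same call read 25 bytes and credit 12.5.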
