On 6/6/2013 4:57 AM, srikanth chakravarthula wrote:
Hi I need help in openssl random seed genertion.
We use the genrsa command to generate keys and certificates and we
want to ensure the entropy of the random number being generated is
having a high entropy.
we need to know how does openssl while genrting the key using the
command genrsa will generate the random number and of what bytes does
it.
How can we improve the entropy before generating the key, we use
dev/urandom and its been said that there is an options like rand_add
and rand_seed.
On platforms with /dev/random and /dev/urandom, openssl by default
seeds itself from one of those. On other platforms, the documentation
is murky at best.
rand_add() is what your own code would call if it had a different and
better source of entropy which was for some reason not set up to just
add its entropy to the /dev/urandom system pool automatically (most
hardware entropy sources on the market do that).
How do I call these API's using the shell script before generating the
keys to ensure high entropy is achieved. Also how do I output the
random seed generated to check for the entropy.
Use the -rand option
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
