Re: ' Openssl.cnf ' and ' .rand ' file
On Sat, 10 Nov 2007 11:22:10 -0800 (PST) White Hat [EMAIL PROTECTED] wrote: openssl 0.9.7e-p1 25 Oct 2004 I have not been able to find an answer to this question on Google, so I figured I had better ask it here. In the '/etc/ssl/openssl.cnf' file, there is an entry for: RANDFILE= $dir/private/.rand# private random number file Well, that file does not exist. I cannot find it anywhere on my system and I have not been able to figure out how to create it. It's in the CA section so it's only used if you are signing keys. Normally openssl reads and write entropy to ~/.rnd, which creates it itself. I guess the above setting is just there to allow a different file for signing - perhaps in a more secure location. I would think these files are normally redundant since FreeBSD manages entropy itself. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
' Openssl.cnf ' and ' .rand ' file
openssl 0.9.7e-p1 25 Oct 2004 I have not been able to find an answer to this question on Google, so I figured I had better ask it here. In the '/etc/ssl/openssl.cnf' file, there is an entry for: RANDFILE= $dir/private/.rand# private random number file Well, that file does not exist. I cannot find it anywhere on my system and I have not been able to figure out how to create it. Also, where could I locate some information on the 'openssl.cnf' file. There does not appear to be a 'man' page for it. I would like some more information on what all of the settings mean and possibly how to set them for my particular needs. Thanks! -- White Hat [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ' Openssl.cnf ' and ' .rand ' file
On 11:22:10 Nov 10, White Hat wrote: openssl 0.9.7e-p1 25 Oct 2004 I have not been able to find an answer to this question on Google, so I figured I had better ask it here. In the '/etc/ssl/openssl.cnf' file, there is an entry for: RANDFILE= $dir/private/.rand# private random number file Well, that file does not exist. I cannot find it anywhere on my system and I have not been able to figure out how to create it. Also, where could I locate some information on the 'openssl.cnf' file. There does not appear to be a 'man' page for it. I would like some more information on what all of the settings mean and possibly how to set them for my particular needs. Why do you want it? You can use the openssl rand command for doing what you may be wanting to do. $ openssl rand 1 if you want binary output of length 1 bytes or you can use the -base64 switch for ASCII output. (You don't need the RANDFILE which is probably a seed or something) Most parts of OpenSSL are not documented properly and the source code is immensely hard to follow. I have worked with the guts of OpenSSL long ago and in spite of working with it for a long time, I have always found it hard to follow what happens where. :) The code is one of the most intricate uses of the wonderful C language. :) Enjoy the fun! :) Thanks. regards, Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ' Openssl.cnf ' and ' .rand ' file
Girish Venkatachalam wrote: On 11:22:10 Nov 10, White Hat wrote: openssl 0.9.7e-p1 25 Oct 2004 I have not been able to find an answer to this question on Google, so I figured I had better ask it here. In the '/etc/ssl/openssl.cnf' file, there is an entry for: RANDFILE= $dir/private/.rand# private random number file Well, that file does not exist. I cannot find it anywhere on my system and I have not been able to figure out how to create it. Also, where could I locate some information on the 'openssl.cnf' file. There does not appear to be a 'man' page for it. I would like some more information on what all of the settings mean and possibly how to set them for my particular needs. Why do you want it? You can use the openssl rand command for doing what you may be wanting to do. $ openssl rand 1 if you want binary output of length 1 bytes or you can use the -base64 switch for ASCII output. (You don't need the RANDFILE which is probably a seed or something) Most parts of OpenSSL are not documented properly and the source code is immensely hard to follow. I have worked with the guts of OpenSSL long ago and in spite of working with it for a long time, I have always found it hard to follow what happens where. :) Well, that's a bit of a personal opinion, but have you even used the sclient and sserver functions of the openssl command? Damn, but that's a fantastic debugging tool! Nicely documented in the openssl man page, too. The code is one of the most intricate uses of the wonderful C language. :) Enjoy the fun! :) Thanks. regards, Girish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
