RE: RSA key generation on Windows

2000-11-14 Thread Frédéric Gariador 

Thank you for your answer !

But it leads to another question :-)

Do you know a reliable tools that permit to generate
a file containing actual randomn numbers on Windows NT ?


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Bodo Moeller
Sent: vendredi 10 novembre 2000 09:21
To: [EMAIL PROTECTED]
Subject: Re: RSA key generation on Windows


On Wed, Nov 08, 2000 at 12:00:57PM +0100, Frédéric Gariador wrote:

> I'd like to use Openssl to generate a RSA key pair on Window NT.
>
> I wonder about some issues :
>
> - I use the -rand option to specify files used to seed the random number
> generator.
> According to the number of these file and their size, the number of
> semi-random bytes loaded by openssl vary (this values is outputted
> by the openssl command).
>
> What is a good value range for this number ?

This depends on how unpredictable your files really are.  If they
contain actual randomness, then 1024 bytes is plenty.


> - When the generation process ends, the following message is
systematically
> outputted: "unable to write 'random state'"
>
>   - What does that mean ?
>   - Is that important ?

There's a default file for randomness, which is used even without the
-rand option: If environment variable RANDFILE exists, then the
filename in RANDFILE is used; otherwise, if environment variable HOME
is set, then file .rnd in directory $HOME is used; otherwise the file
is .rnd in the current directory.  Unless seeding was obviously
insufficient, the applications try to write back to that file so that
they have some random seeding the next time one of them is called.
That warning message means that writing to the file determined as
described above did not work, for whatever reasons -- maybe $HOME
is set incorrectly.


--
Bodo Möller <[EMAIL PROTECTED]>
PGP
http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: RSA key generation on Windows

2000-11-10 Thread Bodo Moeller 

On Wed, Nov 08, 2000 at 12:00:57PM +0100, Frédéric Gariador wrote:

> I'd like to use Openssl to generate a RSA key pair on Window NT.
> 
> I wonder about some issues :
> 
> - I use the -rand option to specify files used to seed the random number
> generator.
> According to the number of these file and their size, the number of
> semi-random bytes loaded by openssl vary (this values is outputted
> by the openssl command).
> 
> What is a good value range for this number ?

This depends on how unpredictable your files really are.  If they
contain actual randomness, then 1024 bytes is plenty.


> - When the generation process ends, the following message is systematically
> outputted: "unable to write 'random state'"
> 
>   - What does that mean ?
>   - Is that important ?

There's a default file for randomness, which is used even without the
-rand option: If environment variable RANDFILE exists, then the
filename in RANDFILE is used; otherwise, if environment variable HOME
is set, then file .rnd in directory $HOME is used; otherwise the file
is .rnd in the current directory.  Unless seeding was obviously
insufficient, the applications try to write back to that file so that
they have some random seeding the next time one of them is called.
That warning message means that writing to the file determined as
described above did not work, for whatever reasons -- maybe $HOME
is set incorrectly.


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]