On Wed, Nov 08, 2000 at 12:00:57PM +0100, Frédéric Gariador wrote:

> I'd like to use OpenSSL to generate an RSA key pair on Windows NT.
> 
> I wonder about some issues:
> 
> - I use the -rand option to specify files used to seed the random number
> generator.
> According to the number of these files and their size, the number of
> semi-random bytes loaded by openssl varies (this value is outputted
> by the openssl command).
> 
> What is a good value range for this number?

This depends on how unpredictable your files really are.  If they
contain actual randomness, then 1024 bytes is plenty.


> - When the generation process ends, the following message is systematically
> outputted: "unable to write 'random state'"
> 
>       - What does that mean?
>       - Is that important?

There's a default file for randomness, which is used even without the
-rand option: If environment variable RANDFILE exists, then the
filename in RANDFILE is used; otherwise, if environment variable HOME
is set, then file .rnd in directory $HOME is used; otherwise the file
is .rnd in the current directory.  Unless seeding was obviously
insufficient, the applications try to write back to that file so that
they have some random seeding the next time one of them is called.
That warning message means that writing to the file determined as
described above did not work, for whatever reasons -- maybe $HOME
is set incorrectly.


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
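
The seed-file lookup order described in the reply above, as an added example that is not part of the original message or of OpenSSL's own code: it resolves the path and reports why a write-back to it would fail. The function names are hypothetical, and treating an empty variable as unset is an assumption.

```shell
#!/bin/sh
# Added example: diagnose the "unable to write 'random state'" warning by
# following the lookup order described in the reply above.

# Print the seed file path chosen by: $RANDFILE, else $HOME/.rnd, else ./.rnd.
# Assumption: an empty variable is treated the same as an unset one.
randfile_path() {
    if [ -n "${RANDFILE:-}" ]; then
        printf '%s\n' "$RANDFILE"
    elif [ -n "${HOME:-}" ]; then
        printf '%s\n' "$HOME/.rnd"
    else
        printf '%s\n' "./.rnd"
    fi
}

# Print one status word for the resolved path:
#   ok         file exists and is writable, or can be created in its directory
#   no-dir     parent directory does not exist (e.g. HOME set incorrectly)
#   not-file   path exists but is not a regular file
#   read-only  file or directory is not writable by this user
randfile_status() {
    path=$(randfile_path)
    dir=$(dirname -- "$path")
    if [ -e "$path" ]; then
        if [ ! -f "$path" ]; then echo not-file
        elif [ -w "$path" ]; then echo ok
        else echo read-only
        fi
    elif [ ! -d "$dir" ]; then
        echo no-dir
    elif [ -w "$dir" ]; then
        echo ok
    else
        echo read-only
    fi
}

# Report both values; a status other than "ok" explains the warning.
randfile_report() {
    printf 'seed file: %s (%s)\n' "$(randfile_path)" "$(randfile_status)"
}

randfile_report
```

Run it in the same environment (same user, same variables) in which the openssl command printed the warning.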
