Gerd Schering wrote:
> Hello,
>
> we purchased an HRNG for the generation of RSA keys for instance.
> It is a USB device and shows up as /dev/qrandom.
>
> So, in order to generate rsa keys, is it sufficient to use it as a
> replacement for /dev/urandom and to call genrsa as
>
> openssl genrsa -rand /dev/qrandom 2048  ?
>
Yes, it is sufficient. Please note that a source not having a definite
EOF (End Of File) will lead to an infinite loop reading from the source.
It may therefore be necessary to read a specified amount of entropy
first into an intermediate file to be fed via "-rand".

Note: if /dev/urandom is available, OpenSSL will read an additional amount
of random bytes from it whether an explicit seed source is available or
not. This however does not reduce the quality of the entropy provided
by your source.

> I am not sure about the role of /dev/urandom: does it deliver a
> (pseudo) random number or the salt for the PRNG?

It is used to seed OpenSSL's internal PRNG.

Best regards,
    Lutz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
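
The bounded read suggested in the reply above, as an added example that is not part of the original mail: a fixed number of bytes is copied from the device into a private intermediate file, the byte count is checked, and that file is passed to "-rand". The function names, the 256-byte seed size and the key file name are assumptions; /dev/qrandom is the device path from the thread.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names and the
# 256-byte seed size are assumptions chosen for illustration.

# read_seed SRC NBYTES OUT: copy exactly NBYTES from SRC into OUT (mode 0600).
# Returns non-zero if SRC is unreadable or delivers fewer bytes than requested.
read_seed() {
    src=$1; nbytes=$2; out=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    (
        umask 077
        # head -c stops after nbytes, so a source without EOF cannot stall the read
        head -c "$nbytes" "$src" > "$out"
    ) || return 1
    got=$(wc -c < "$out" | tr -d ' ')
    if [ "$got" -ne "$nbytes" ]; then
        echo "short read from $src: $got of $nbytes bytes" >&2
        rm -f "$out"
        return 1
    fi
}

# gen_rsa_key DEVICE BITS KEYFILE: seed from a bounded sample, then generate.
gen_rsa_key() {
    dev=$1; bits=$2; keyfile=$3
    seed=$(mktemp) || return 1
    if read_seed "$dev" 256 "$seed"; then
        ( umask 077; openssl genrsa -rand "$seed" -out "$keyfile" "$bits" )
        rc=$?
    else
        rc=1
    fi
    rm -f "$seed"   # the seed file should not outlive key generation
    return $rc
}

# Usage: gen_rsa_key /dev/qrandom 2048 key.pem
```

A short read is treated as a failure rather than seeding with whatever arrived, so a disconnected or stalled device does not silently reduce the amount of seed material.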
