Gerd Schering wrote:
> Hello,
>
> we purchased a hrng for the generation of RSA keys for instance.
> It is a USB device and shows up as /dev/qrandom.
>
> So, in order to generate rsa keys, is it sufficient to use it as a
> replacement for /dev/urandom and to call genrsa as
>
> openssl genrsa -rand /dev/qrandom 2048 ?
>

Yes, it is sufficient. Please note that a source not having a definite
EOF (End Of File) will lead to an infinite loop reading from the source.
It may therefore be necessary to read a specified amount of entropy first
into an intermediate file to be fed via "-rand".

Note: if /dev/urandom is available, OpenSSL will read an additional amount
of random bytes from it whether an explicit seed source is available or not.
This however does not reduce the quality of the entropy provided by your
source.

> I am not sure about the role of /dev/urandom: does it deliver a
> (pseudo) random number or the salt for the PRNG?

It is used to seed OpenSSL's internal PRNG.

Best regards,
	Lutz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
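
The intermediate-file step described in the reply above, as an added example that is not part of the original thread: a bounded read from the device into a private temporary file, which is then passed to `-rand`. The function names and the 256-byte seed size are assumptions chosen for illustration; `/dev/qrandom` is the device named in the question.

```shell
#!/bin/sh
# Added example. Function names and the 256-byte seed size are assumptions.

# seed_from_device DEV NBYTES OUTFILE
# Copy exactly NBYTES from a source that may never return EOF into OUTFILE.
seed_from_device() {
    dev=$1; nbytes=$2; out=$3
    [ -r "$dev" ] || { echo "cannot read $dev" >&2; return 1; }
    # head -c stops after NBYTES, so the read is bounded even without EOF.
    ( umask 077; head -c "$nbytes" "$dev" > "$out" ) || return 1
    got=$(wc -c < "$out" | tr -d ' ')
    if [ "$got" -ne "$nbytes" ]; then
        # The source ended early: do not seed from a partial file.
        echo "short read: got $got of $nbytes bytes" >&2
        rm -f "$out"
        return 1
    fi
}

# genrsa_from_device DEV BITS KEYFILE
# Seed "openssl genrsa" from a fixed-size file instead of the raw device.
genrsa_from_device() {
    dev=$1; bits=$2; key=$3
    seed=$(mktemp) || return 1      # mktemp creates the file with mode 0600
    rc=0
    if seed_from_device "$dev" 256 "$seed"; then
        ( umask 077; openssl genrsa -rand "$seed" -out "$key" "$bits" ) || rc=$?
    else
        rc=1
    fi
    rm -f "$seed"                   # the seed file is removed in every case
    return "$rc"
}

# Usage: genrsa_from_device /dev/qrandom 2048 key.pem
```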