Hi Jakob,

Thank you for your response.

So if I understand, when the genrsa or rand command is called, it uses the
seeded random number from /dev/random or /dev/urandom and generates the key
and then re-seeds the random bytes from /dev/random or /dev/urandom.
And it will use the configured RANDFILE for this purpose. Is my
understanding correct?

So if I want to reseed the random seeds generated from /dev/random or
/dev/urandom I need to use the RAND_add command, checking for the entropy.

This RAND_add command is from a C API, as I could not find a command or
script from openssl directly. Is it compiled as a C library? Or can we use
any custom API etc. to generate and add on to the one generated from
/dev/random or /dev/urandom to have enough entropy?

Appreciate your help on this.

Thanks,
Srikanth


On Fri, Jun 7, 2013 at 3:38 PM, Jakob Bohm <jb-open...@wisemo.com> wrote:

> On 6/6/2013 4:57 AM, srikanth chakravarthula wrote:
>
>> Hi, I need help in openssl random seed generation.
>>
>> We use the genrsa command to generate keys and certificates and we
>> want to ensure the entropy of the random number being generated is
>> having a high entropy.
>>
>> We need to know how openssl, while generating the key using the
>> command genrsa, will generate the random number and of what bytes does
>> it.
>>
>> How can we improve the entropy before generating the key? We use
>> /dev/urandom and it's been said that there are options like rand_add
>> and rand_seed.
>>
> On platforms with /dev/random and /dev/urandom, openssl by default
> seeds itself from one of those.  On other platforms, the documentation
> is murky at best.
>
> rand_add() is what your own code would call if it had a different and
> better source of entropy which was for some reason not set up to just
> add its entropy to the /dev/urandom system pool automatically (most
> hardware entropy sources on the market do that).
>
>
>> How do I call these APIs using the shell script before generating the
>> keys to ensure high entropy is achieved. Also how do I output the
>> random seed generated to check for the entropy.
>>
>>
> Use the -rand option
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
> Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>



-- 
Regards,
Srikanth
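
The `-rand` option mentioned in the quoted reply, shown from a shell script. This is an added example, not part of the original thread or of OpenSSL; the function names, the `MIN_*` thresholds and the Linux `entropy_avail` check are assumptions of the example.

```shell
#!/bin/sh
# Added example: pass extra seed files to `openssl genrsa` with -rand.
# ENTROPY_FILE and the MIN_* thresholds are assumptions, overridable by the caller.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"  # Linux only
MIN_ENTROPY_BITS="${MIN_ENTROPY_BITS:-256}"   # assumed threshold
MIN_SEED_BYTES="${MIN_SEED_BYTES:-32}"        # assumed minimum size per seed file

# Succeeds when the kernel's entropy estimate meets the threshold.
# Returns 2 when the estimate is unreadable or not a number.
entropy_ok() {
    [ -r "$ENTROPY_FILE" ] || return 2
    avail=$(cat "$ENTROPY_FILE") || return 2
    case "$avail" in ''|*[!0-9]*) return 2 ;; esac
    [ "$avail" -ge "$MIN_ENTROPY_BITS" ]
}

# Validates each seed file and prints the list joined with ':' (the -rand
# separator on Unix-like systems). Paths containing ':' are not supported.
build_rand_arg() {
    list=""
    for f in "$@"; do
        [ -f "$f" ] && [ -r "$f" ] || { echo "unreadable seed file: $f" >&2; return 1; }
        size=$(wc -c < "$f" | tr -d ' ')
        [ "$size" -ge "$MIN_SEED_BYTES" ] || { echo "seed file too small: $f" >&2; return 1; }
        list="${list:+$list:}$f"
    done
    [ -n "$list" ] || { echo "no seed files given" >&2; return 1; }
    printf '%s\n' "$list"
}

# generate_key OUT BITS SEEDFILE...
# Refuses to run openssl unless both checks pass; the key is written with umask 077.
generate_key() {
    out=$1; bits=$2; shift 2
    entropy_ok || { echo "kernel entropy estimate below threshold" >&2; return 1; }
    rand_arg=$(build_rand_arg "$@") || return 1
    ( umask 077; openssl genrsa -rand "$rand_arg" -out "$out" "$bits" )
}
```

Call it as `generate_key key.pem 2048 /path/to/seed1 /path/to/seed2`, where the seed files hold output from whatever additional entropy source is available.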
