Re: 100 bits of entropy with FIPS/EAL4 certified hw RNG?

2012-01-19 Thread Kenneth Goldman
> From: Magosányi Árpád 
> To: openssl-users@openssl.org, 
> Date: 01/18/2012 03:38 AM
> Subject: 100 bits of entropy with FIPS/EAL4 certified hw RNG?
>
> 1. (yes, I realise that RTFM, but which one?): 

The openssl crypto library manual.

> How should I/can I seed 
> 100 bits of entropy into the openssl-fips RNG? What is the function call 
> for this?

RAND_add()



Re: 100 bits of entropy with FIPS/EAL4 certified hw RNG?

2012-01-18 Thread Jeffrey Walton
On Tue, Jan 17, 2012 at 1:32 PM, Magosányi Árpád  wrote:
> My application uses openssl-fips for random number generation, where the
> seeding has to have at least 100 bits of entropy coming from a hardware
> random generator which is certified either to FIPS or CC EAL4. Due to
> economy we want to use a USB token and not a full-featured HSM.
> I have two questions on that:
> 1. (yes, I realise that RTFM, but which one?): How should I/can I seed 100
> bits of entropy into the openssl-fips RNG? What is the function call for
> this?
http://www.openssl.org/docs/crypto/RAND_add.html

> 2. Any hint on which USB token is suitable for this? (I guess needing to
> call the rng more than once to gather the necessary entropy is ok).
I have an Entropy Key (http://www.entropykey.co.uk/). Inexpensive and
works out of the box with a number of Linux distros, including Ubuntu
and Fedora (I don't know about others such as CentOS). No Windows
drivers, though.

Jeff
______________________________________________________________________
OpenSSL Project                 http://www.openssl.org
User Support Mailing List       openssl-users@openssl.org
Automated List Manager          majord...@openssl.org
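
Added example (not part of the thread and not OpenSSL project code): the seeding step the replies point to, sketched with Python's ssl.RAND_add, which hands its arguments to OpenSSL's RAND_add. The entropy argument of RAND_add is counted in bytes, so 100 bits means crediting at least 12.5 bytes. The `source` object, the `bits_per_byte` estimate and the helper name are assumptions, and the sample bytes are constructed.

```python
import io
import math
import ssl

REQUIRED_BITS = 100  # requirement stated in the thread


def seed_from_hw(source, required_bits=REQUIRED_BITS, bits_per_byte=8.0, chunk=8):
    """Gather enough hardware RNG output to cover required_bits, then RAND_add it.

    source        -- file-like object for the token, opened in binary mode
                     (how the token is exposed depends on its driver; assumption)
    bits_per_byte -- conservative entropy estimate for the device output (assumption)
    Returns (bytes_read, entropy_credited_in_bytes).
    """
    if not 0 < bits_per_byte <= 8:
        raise ValueError("bits_per_byte must be in (0, 8]")
    need = math.ceil(required_bits / bits_per_byte)  # 100 bits at 8 bits/byte -> 13
    buf = bytearray()
    # The device may return fewer bytes than asked for, so read repeatedly.
    while len(buf) < need:
        data = source.read(min(chunk, need - len(buf)))
        if not data:
            raise OSError("hardware RNG returned no data; refusing to seed")
        buf += data
    # Crude stuck-output check: a run of identical bytes must not be credited.
    if len(set(buf)) == 1:
        raise OSError("hardware RNG output is constant; refusing to seed")
    credited = len(buf) * bits_per_byte / 8.0  # RAND_add counts entropy in BYTES
    ssl.RAND_add(bytes(buf), credited)
    return len(buf), credited


if __name__ == "__main__":
    # Constructed stand-in for the token; real use passes the opened device.
    sample = io.BytesIO(bytes(range(1, 65)))
    print(seed_from_hw(sample))                     # full-entropy estimate
    print(seed_from_hw(sample, bits_per_byte=4.0))  # halved estimate, more bytes read
    print("RAND_status:", ssl.RAND_status())
```

Crediting less than 8 bits per byte makes the helper read more device output for the same 100-bit target, which is the "call the rng more than once" case from the question.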


100 bits of entropy with FIPS/EAL4 certified hw RNG?

2012-01-18 Thread Magosányi Árpád

Hi!

My application uses openssl-fips for random number generation, where the 
seeding has to have at least 100 bits of entropy coming from a hardware 
random generator which is certified either to FIPS or CC EAL4. Due to 
economy we want to use a USB token and not a full-featured HSM.

I have two questions on that:
1. (yes, I realise that RTFM, but which one?): How should I/can I seed 
100 bits of entropy into the openssl-fips RNG? What is the function call 
for this?
2. Any hint on which USB token is suitable for this? (I guess needing to 
call the rng more than once to gather the necessary entropy is ok).
