Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > focus-linux > 03 > 020118.html (Request Expert securityfocus.com Support)

RE: openSSL Key generation

From: Simon Thornton <simon.thornton(at)swift.com>
Date: Mon Feb 10 2003 - 05:36:55 EST


Hi Leland,

> nohup time /usr/bin/openssl genrsa -rand /dev/urandom
> 1024 > /tmp/server.key &

Two things occur to me; it's waiting for you to enter a password to protect the key, as the process is bg it's blocked. The other thing that can occur (very rarely) on linux is that the urandom system is not getting enough entropy to generate random numbers needed by OpenSSL. This can be tested by using:

        dd if=/dev/urandom of=/tmp/rand bs=2k count=1

This should return almost immediately and generate a 2k file /tmp/urandom.bin, if it does not return but blocks, then you have an entropy gathering problem. I doubt it will be a prob. but this is the way to check.

Several suggestions:

  1. remove the '-rand /dev/urandom' statement, it reads this by default (under Linux). On SUN machines there is no /dev/urandom, PRNGd is used instead. Unless you need an alternate random source, you don't to specify and scripts transport easily between OS's.
  2. Use '-out /tmp/server.key' instead of piping the key, it's easier to separate the key from any errors.
  3. The keygen process requires you to enter a passwd for the key, which is why it is never completes. if you 'fg' the process and then type in the passwd+ENTER, repeated twice, the process will complete.
  4. If you are unsure of the syntax, run openssl in interactive mode and use '?' to get help: 
	# openssl
	OpenSSL> ?
	OpenSSL> genrsa ?

The docs are often outdated, this is the only sure way to know what is compiled in.   

Rgds,   

Do you need help?X

Simon Thornton


BTW, FWIW, IMHO, AFAIK, yes. OTOH, AAMOF, maybe not. YMMV

  • application/x-pkcs7-signature attachment: smime.p7s
Received on Tue Feb 11 11:34:53 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:20 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library