Re: openSSL Key generation

From: Stephen Samuel <samuel(at)bcgreen.com>
Date: Fri Feb 14 2003 - 23:36:07 EST

When I tested to see if the trick below worked as a pipe, I got the following:

dd if=/dev/urandom bs=1024 count=1024 |/usr/bin/openssl genrsa -rand - 1024 > server.key
0 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
....++++++
................++++++
e is 65537 (0x10001)
5+0 records in
4+0 records out

(The output from DD is ignored, and the pipe write fails once the pipe fills up and openssl dies).

I get the same result if I use Non_existant_file instead of '='

The point here is that if the random byte input file doesn't exist (or is un-openable), openssl silently ignores the error and continues with no input data. This is not (for me at least) the expected response. I would, at the very least, expect an error message and perhaps a non-zero return code. Preferably, it should refuse to generate the key until the obvious error is corrected.

Michal Luczak (warf) wrote:

> If you really want to use /dev/urandom then try something like this:

-- 
Stephen Samuel +1(604)876-0426                samuel@bcgreen.com
		   
http://www.bcgreen.com/~samuel/
Powerful committed communication, reaching through fear, uncertainty and
doubt to touch the jewel within each person and bring it to life.
Received on Tue Feb 18 17:05:41 2003
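
The check this message asks for, sketched as a shell wrapper. This is an added example, not part of the original post and not OpenSSL's own code. The function names (seed_source_ok, rand_bytes_loaded, checked_genrsa) are hypothetical, and it assumes openssl prints the "N semi-random bytes loaded" line in the form shown above; on a build that does not print it, the wrapper refuses the key rather than guessing.

```shell
#!/bin/sh
# Added example: refuse to keep an RSA key when the -rand seed was not read.

# seed_source_ok FILE: succeed only if FILE can be opened and yields data.
seed_source_ok() {
    [ -r "$1" ] || { echo "seed source '$1' is not readable" >&2; return 1; }
    # Read a single byte; this catches empty files as well.
    [ "$(head -c 1 "$1" | wc -c)" -eq 1 ] ||
        { echo "seed source '$1' returned no data" >&2; return 1; }
}

# rand_bytes_loaded TEXT: print N from the "N semi-random bytes loaded"
# line (format taken from the post); fail if no such line is present.
rand_bytes_loaded() {
    n=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\) semi-random bytes loaded.*/\1/p' |
        head -n 1)
    [ -n "$n" ] || return 1
    printf '%s\n' "$n"
}

# checked_genrsa SEED KEYFILE BITS: generate into a temp file and move it
# into place only if openssl succeeded AND reported loading seed bytes.
checked_genrsa() {
    seed=$1
    key=$2
    bits=$3
    seed_source_ok "$seed" || return 1
    tmp=$(mktemp) || return 1          # mktemp creates the file mode 0600
    openssl genrsa -rand "$seed" -out "$tmp" "$bits" 2>"$tmp.log"
    rc=$?
    log=$(cat "$tmp.log")
    rm -f "$tmp.log"
    loaded=$(rand_bytes_loaded "$log") || loaded=0
    if [ "$rc" -ne 0 ] || [ "$loaded" -eq 0 ]; then
        echo "refusing key: openssl rc=$rc, seed bytes loaded=$loaded" >&2
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$key"
}
```

Called as `checked_genrsa seedfile server.key 1024`, it turns both failure cases from the post (a missing seed file, and "0 semi-random bytes loaded") into a non-zero return with no key left on disk.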

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:20 EDT
