Alternative to -rand option for genpkey
James Muir
james at openssl.org
Fri Jan 12 04:08:21 UTC 2024
On 2024-01-11 07:35, Raj via openssl-users wrote:
> When generating private keys with `ecparam` or `genrsa` in OpenSSL, it
> is possible to use the parameter `-rand file.dat` where file.dat is used
> as additional seed for the RNG, as far as I understand.
I believe that if you give the option "-rand file.dat", then the RNG is
seeded only from file.dat (i.e. it is not an additional seed -- it is
the whole seed).
> I would like to generate private Ed448 and Ed25519 keys with an
> additional random source provided as file. Is there a way to do that?
> I'm using version 3.1.0 btw.
You could try using a config file:
https://www.openssl.org/docs/manmaster/man5/config.html
Have a look at the "random" section and the info about setting the
variable "seed".
-James M
More information about the openssl-users
mailing list