[openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK

Wim Lewis wiml at omnigroup.com
Wed May 23 22:43:35 UTC 2018


On 23 May 2018, at 10:08 AM, redpath <redpath at us.ibm.com> wrote:
> So if I add this RAND usage below, am I seeding to assure a different RSA key
> pair on each run of creating an RSA pair?
> 
> I would certainly replace the time with the UUID of the device to be unique
> to the device. You would have to acquire the device to know the seeding. Hey, keep the time
> one too.


Attempting to provide a more useful response ...

That is the right way to add entropy to the pool, but (as everyone else has said) neither the current time nor the device's UUID provide enough entropy to satisfy any cryptographic requirements. Adding them to the random pool won't hurt, but you should set the entropy-estimate argument equal to zero (like you did in your example).

Depending on your OpenSSL version *and the platform it's running on*, OpenSSL may automatically seed the random pool from the platform's random-number source(s). It does this by calling RAND_poll(), which is documented in the same manual page as RAND_add(). So, normally you do not need to worry about explicitly seeding the random number generator.

However, if you're running on an embedded device, or running immediately after bootup, or some other situation in which OpenSSL can't get good entropy from the system, you may need to figure out how to supply some yourself. That's pretty difficult to do.
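
An added illustration of the advice above (not part of the original post): it uses Python's `ssl` module, which exposes OpenSSL's `RAND_add`, `RAND_status` and `RAND_bytes`, to mix in a device UUID and a timestamp with an entropy estimate of zero and to refuse to draw key material when the pool is not seeded. The UUID and timestamp are constructed sample values and the function names are hypothetical.

```python
import ssl
import uuid

# Constructed sample values standing in for a real device UUID and clock reading.
DEVICE_UUID = uuid.UUID("00000000-0000-4000-8000-000000000001")
FIXED_TIME = 1527000000.0


def mix_in_low_entropy(device_uuid: uuid.UUID, now: float) -> None:
    """Mix guessable data into OpenSSL's pool, crediting it with zero entropy."""
    # Anyone who knows the device and roughly when it ran can guess both
    # inputs, so the entropy estimate passed to RAND_add() is 0.0.
    ssl.RAND_add(device_uuid.bytes, 0.0)
    ssl.RAND_add(repr(now).encode(), 0.0)


def draw_key_material(nbytes: int = 32) -> bytes:
    """Return random bytes only if OpenSSL reports a seeded pool."""
    if not ssl.RAND_status():
        # The embedded / early-boot case from the post: refuse rather than
        # derive a key from a pool the platform could not seed.
        raise RuntimeError("OpenSSL PRNG not seeded; supply real entropy first")
    return ssl.RAND_bytes(nbytes)


def same_inputs_still_differ() -> bool:
    """Feed the identical UUID and timestamp twice and compare the outputs."""
    mix_in_low_entropy(DEVICE_UUID, FIXED_TIME)
    first = draw_key_material()
    mix_in_low_entropy(DEVICE_UUID, FIXED_TIME)
    second = draw_key_material()
    # The added data is mixed into the pool, it does not replace the
    # platform seeding, so the two draws are not reproducible.
    return first != second


if __name__ == "__main__":
    print("pool seeded:", ssl.RAND_status())
    print("outputs differ with identical inputs:", same_inputs_still_differ())
```

On a platform where OpenSSL seeds itself, the two draws differ even though the mixed-in data is identical, which is why the UUID and time are harmless to add but cannot be relied on as the source of key uniqueness.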



