Restrict RAND to producing 63 random bits

Viktor Dukhovni openssl-users at
Thu Jul 20 23:42:49 UTC 2023

On Thu, Jul 20, 2023 at 05:59:17PM -0400, Robert Moskowitz wrote:
> And the advantage of your approach is you can make a serialNumber longer 
> than 8 bytes.

No, because the shell doesn't do multi-precision arithmetic.  However,
a small tweak does the job.  For example, for 20 bytes:

    $ printf "%02x%s\n" $(( 0x$(openssl rand -hex 1) & 0x7f )) $(openssl rand -hex 19)


More information about the openssl-users mailing list