seeding /dev/random from a security key

To: <debian-user@lists.debian.org>
Subject: seeding /dev/random from a security key
From: Björn Persson <Bjorn@xn--rombobjrn-67a.se>
Date: Mon, 25 Mar 2024 21:24:23 +0100
Message-id: <[🔎] 20240325212423.1640ccb0@tag.xn--rombobjrn-67a.se>

Hello!

In a quest to acquire hardware random number generators for seeding
/dev/random on servers that lack a built-in entropy source, I'm
investigating how random data can be obtained from a security key such
as a Nitrokey, Yubikey or a similar device.

RNGD version 6 from https://github.com/nhorman/rng-tools can fetch
random data through a PKCS #11 interface, but the two versions of RNGD
in Debian seem to lack that ability. Debian has rng-tools5 and
rng-tools-debian, but not Neil Horman's version 6. Or am I just failing
to find it?

SCDrand from https://incenp.org/dvlpt/scdtools.html can also obtain
random data from a "smartcard"-compatible device, but I don't find that
in Debian either.

Does anyone know of another way to obtain random data from devices of
this kind?

Björn Persson

Attachment: pgphzTGu_8RdJ.pgp
Description: OpenPGP digital signatur

Reply to:

Follow-Ups:
- Re: seeding /dev/random from a security key
  - From: Andy Smith <andy@strugglers.net>
- Re: seeding /dev/random from a security key
  - From: Jeffrey Walton <noloader@gmail.com>

Prev by Date: $USER vs. $LOGNAME and the EnvironmentVariables wiki page
Next by Date: Re: $USER vs. $LOGNAME and the EnvironmentVariables wiki page
Previous by thread: Re: $USER vs. $LOGNAME and the EnvironmentVariables wiki page
Next by thread: Re: seeding /dev/random from a security key
Index(es):
- Date
- Thread