Re: seeding /dev/random from a security key

[Jeffrey Walton <noloader@gmail.com>]

On Tue, Mar 26, 2024 at 7:12 PM Björn Persson <Bjorn@rombobjörn.se> wrote:
>
> Jeffrey Walton wrote:
> > For what you want to do, and if I am parsing it correctly... I would
> > write a daemon in C [...]
>
> Only in the unlikely case that both RNGD and SCDrand turn out unsuitable
> somehow. Writing and compiling a daemon is no less work than compiling
> an already written daemon.
>
> > The part about extracting the entropy from the source would use
> > OpenSSL or GnuPG. I believe you would compile and link to OpenSSL's
> > libcrypto.{a|so}, or GnuPG's libgcrypt.{a|so}.
>
> RNGD 6 actually uses OpenSC's libp11, where it calls the function
> PKCS11_generate_random, which in turn calls the PKCS #11 function
> C_GenerateRandom.

It sounds like you have it sorted out. Good luck with it.

Jeff