correctly. OpenSSL 0.9.5 and later make the error visible by refusing
to perform potentially insecure encryption.
-On systems without /dev/urandom, it is a good idea to use the Entropy
-Gathering Demon; see the RAND_egd() manpage for details.
+On systems without /dev/urandom and /dev/random, it is a good idea to
+use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+details. Starting with version 0.9.7, OpenSSL will automatically look
+for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
+/etc/entropy.
Most components of the openssl command line tool try to use the
file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
for seeding the PRNG. If this file does not exist or is too short,
the "PRNG not seeded" error message may occur.
-
-[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
-0.9.5 does not do this and will fail on systems without /dev/urandom
-when trying to password-encrypt an RSA key! This is a bug in the
-library; try a later version instead.]
+Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
+Use the "-rand" option of the OpenSSL command line tools instead.
+The $RANDFILE environment variable and $HOME/.rnd are only used by the
+OpenSSL command line tools. Applications using the OpenSSL library
+provide their own configuration options to specify the entropy source,
+please check out the documentation coming the with application.
For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
installing the SUNski package from Sun patch 105710-01 (Sparc) which
projects / openssl.git / blobdiff