|
Packit |
c4476c |
=pod
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NAME
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
openssl-rand,
|
|
Packit |
c4476c |
rand - generate pseudo-random bytes
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SYNOPSIS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
B<openssl rand>
|
|
Packit |
c4476c |
[B<-help>]
|
|
Packit |
c4476c |
[B<-out> I<file>]
|
|
Packit |
c4476c |
[B<-rand file...>]
|
|
Packit |
c4476c |
[B<-writerand file>]
|
|
Packit |
c4476c |
[B<-base64>]
|
|
Packit |
c4476c |
[B<-hex>]
|
|
Packit |
c4476c |
I<num>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 DESCRIPTION
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
This command generates I<num> random bytes using a cryptographically
|
|
Packit |
c4476c |
secure pseudo random number generator (CSPRNG).
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The random bytes are generated using the L<RAND_bytes(3)> function,
|
|
Packit |
c4476c |
which provides a security level of 256 bits, provided it managed to
|
|
Packit |
c4476c |
seed itself successfully from a trusted operating system entropy source.
|
|
Packit |
c4476c |
Otherwise, the command will fail with a nonzero error code.
|
|
Packit |
c4476c |
For more details, see L<RAND_bytes(3)>, L<RAND(7)>, and L<RAND_DRBG(7)>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 OPTIONS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=over 4
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item B<-help>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Print out a usage message.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item B<-out file>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Write to I<file> instead of standard output.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item B<-rand file...>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
A file or files containing random data used to seed the random number
|
|
Packit |
c4476c |
generator.
|
|
Packit |
c4476c |
Multiple files can be specified separated by an OS-dependent character.
|
|
Packit |
c4476c |
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
|
|
Packit |
c4476c |
all others.
|
|
Packit |
c4476c |
Explicitly specifying a seed file is in general not necessary, see the
|
|
Packit |
c4476c |
L</NOTES> section for more information.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item [B<-writerand file>]
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Writes random data to the specified I<file> upon exit.
|
|
Packit |
c4476c |
This can be used with a subsequent B<-rand> flag.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item B<-base64>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Perform base64 encoding on the output.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item B<-hex>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Show the output as a hex string.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=back
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NOTES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Prior to OpenSSL 1.1.1, it was common for applications to store information
|
|
Packit |
c4476c |
about the state of the random-number generator in a file that was loaded
|
|
Packit |
c4476c |
at startup and rewritten upon exit. On modern operating systems, this is
|
|
Packit |
c4476c |
generally no longer necessary as OpenSSL will seed itself from a trusted
|
|
Packit |
c4476c |
entropy source provided by the operating system. The B<-rand> and
|
|
Packit |
c4476c |
B<-writerand> flags are still supported for special platforms or
|
|
Packit |
c4476c |
circumstances that might require them.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
It is generally an error to use the same seed file more than once and
|
|
Packit |
c4476c |
every use of B<-rand> should be paired with B<-writerand>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SEE ALSO
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
L<RAND_bytes(3)>,
|
|
Packit |
c4476c |
L<RAND(7)>,
|
|
Packit |
c4476c |
L<RAND_DRBG(7)>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 COPYRIGHT
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit |
c4476c |
this file except in compliance with the License. You can obtain a copy
|
|
Packit |
c4476c |
in the file LICENSE in the source distribution or at
|
|
Packit |
c4476c |
L<https://www.openssl.org/source/license.html>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=cut
|