' Openssl.cnf ' and ' .rand ' file

RW fbsd06 at mlists.homeunix.com
Sun Nov 11 11:17:08 PST 2007

On Sat, 10 Nov 2007 11:22:10 -0800 (PST)
White Hat <pigskin_referee at yahoo.com> wrote:

> openssl 0.9.7e-p1 25 Oct 2004
> I have not been able to find an answer to this question on Google, so
> I figured I had better ask it here. 
> In the '/etc/ssl/openssl.cnf' file, there is an entry for:
>     RANDFILE    = $dir/private/.rand    # private random number file
> Well, that file does not exist. I cannot find it anywhere on my
> system and I have not been able to figure out how to create it. 

It's in the CA section so it's only used if you are signing keys.

Normally openssl reads and writes entropy to ~/.rnd, which it creates
itself. I guess the above setting is just there to allow a different
file for signing - perhaps in a more secure location. I would think
these files are normally redundant since FreeBSD manages entropy itself.
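
As an added example (not part of the thread and not OpenSSL's own code), this sketch lists every RANDFILE assignment in an openssl.cnf by section and resolves `$dir`, so you can see which entry belongs to the CA section and whether the file it names exists. The sample configuration is constructed, and the function names and the owner-only permission check are assumptions made for illustration.

```python
import os
import re

# Constructed sample in the layout of a stock openssl.cnf; only the
# RANDFILE line under [ CA_default ] is quoted from the post above.
SAMPLE_CNF = """\
RANDFILE  = $ENV::HOME/.rnd

[ ca ]
default_ca = CA_default

[ CA_default ]
dir       = ./demoCA
RANDFILE  = $dir/private/.rand    # private random number file
"""

VAR = re.compile(r"\$(?:(ENV)::)?\{?(\w+)\}?")

def randfile_entries(text, env):
    """Return [(section, resolved_path)] for every RANDFILE assignment."""
    sections, current, found = {"default": {}}, "default", []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # simplification: no quoted '#'
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            def expand(m, scope=sections[current]):
                if m.group(1):                  # $ENV::NAME: from the environment
                    return env.get(m.group(2), "")
                return scope.get(m.group(2), sections["default"].get(m.group(2), ""))
            value = VAR.sub(expand, value)      # $name: same section, then default
            sections[current][key] = value
            if key == "RANDFILE":
                found.append((current, value))
    return found

def seed_file_status(path):
    """Classify a seed file: missing, group/world accessible, or private."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"
    return "exposed" if mode & 0o077 else "private"

if __name__ == "__main__":
    for section, path in randfile_entries(SAMPLE_CNF, dict(os.environ)):
        print(f"[{section}] RANDFILE -> {path}: {seed_file_status(path)}")
```

To check a real system, pass the contents of `/etc/ssl/openssl.cnf` instead of `SAMPLE_CNF`.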
