14

What is the purpose of the RANDFILE in an OpenSSL configuration file (specifically, the ca section)? The man page entry, config, just describes this as:

At startup the specified file is loaded into the random number generator, and at exit 256 bytes will be written to it.

But I can't tell how OpenSSL uses it. Does OpenSSL use it and only it for randomness, or is it just a salt for randomness taken from elsewhere? Do I need to include it every time, and if so, how much data should be in it?

Addendum

Would it confer any security advantage to save output from openssl rand to this file?

Jonathan Wilbur
  • 565
  • 1
  • 5
  • 12

1 Answers1

15

RANDFILE is used by OpenSSL to store some amount (256 bytes) of seed data from the CSPRNG used internally across invocations. This is particularly useful on low-entropy systems (i.e., embedded devices) that make frequent SSL invocations.

The file is loaded via the function RAND_load_file. Looking at the source, we see that the contents of the file are added to the RNG via RAND_add, so they are in addition to any existing entropy in the RNG.

Since the RNG loads some entropy from system-specific entropy sourcess at the time it is initialized, it seems that RANDFILE is definitely not the only source of entropy used for the RNG state.

Would it confer any security advantage to save output from openssl rand to this file?

That's essentially what OpenSSL does when it says "at exit 256 bytes will be written to it". If you'd like to seed it from something initially, I recommend /dev/urandom, like so:

dd if=/dev/urandom of=randfile bs=256 count=1

David
  • 16,074
  • 3
  • 51
  • 74