Hi, On Sunday, 20 November 2022 04:59:32 GMT John Scott via Gnupg-users wrote: > I'd like to try writing a program for my libreCMC router that feeds the > Linux entropy pool with data from the token's true RNG.
FYI, I wrote a similar program a few years ago: scdrand [1]. It uses Scdaemon’s RANDOM command to extract random bytes from any Scdaemon-supported token (be it a Gnuk token, an actual smartcard, a Yubikey, etc.) and feed them to the kernel’s entropy pool. I am not really using it anymore because I found that I had no longer any need for it with recent Linux kernels, but it should still work. Of course, this should not dissuade you from writing your own program. :) > I also notice that OpenSC has the feature to get an arbitrary number of > random bytes from the card with its OpenPGP module […] does this > probably use the same mechanism under-the-hood Yes. Both Scdaemon’s RANDOM and pkcs11-tool’s --generate-random work by sending the token a ISO7816 "GET CHALLENGE" command, which instructs the token to send back random bytes. Whether “excessive use” of that command end up damaging the token, and what is “excessive use”, ultimately depends on how that command is implemented token-side. In the specific case of the Gnuk token, the GET CHALLENGE command is implemented using the same logic as the one used in NeuG [2]. I have not looked in details how NeuG works, but given that it is specifically intended as a random number generator, I’d say it’s safe to assume than using it as intended cannot ”destroy the token”. :) Hope that helps. - Damien [1] https://git.incenp.org/damien/scdtools [2] https://www.gniibe.org/memo/development/gnuk/rng/neug.html
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
