On Tue, Feb 12, 2002 at 12:47:45PM -0500, POLIVKA-ROHRER, KEITH W (AIT) wrote:
> I'm having a problem with openssl 0.96b on HP-UX 11.  I have scripts which
> create a CA key using openssl req -new; that always works fine, and never
> complains about a lack of random seed data.  But for new installations (of
> my scripts and a new random file), I can successfully openssl req -new, then
> fail to openssl genrsa (it warns of low entropy in the random file, then
> dies with the "PRNG not seeded" error).  But I can repeat the openssl req
> -new all day, interspersed with occasional openssl genrsa commands that
> continue to fail.  Adding pseudo-random junk to the random file doesn't seem
> to help.
> 
> The only way to clear this condition (which only happens for new
> installations) is to invoke the openssl command line, do a req -new, and
> then I can genrsa in the future with that installation.
> 
> Has anyone seen this before?  Why should there be a problem with genrsa at
> the shell prompt, but not at the openssl prompt?  (Or is it the req -new
> command that differs?)  Am I going nuts?

I am not sure about you going nuts :-)

Anyway it does not make much sense to me. openssl req -new should fail with
the same problem (as long as no key is supplied with the -key option).
Of course you can always modify your script and add a "-rand" option to
point to some source of randomness.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
