Hi Samuel,
For what I'm doing at the moment, all of the random data is generated on
our servers and only stored in a private / public key pair on the device.
Thanks for the heads up though.
~/Chris
Samuel Reed wrote:
Chris,
On a related note to embedded openssl, but not pertaining to your question:
I tried something similar in the past, and discovered there must be a provided source of randomness. I am not sure if your embedded device can provide this. If you do not have suitable hardware or /dev/random (or urandom?), you will probably have to provide a file with truly random data in it. Off the top of my head I do not recall where this goes, but I think details are in the man pages someplace.
Just a friendly heads-up before you run the tests and see failures. ;)
Regards,
Sam
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Christopher Friedt
Sent: Sunday, May 20, 2007 4:00 AM
To: openssl-users@openssl.org
Subject: engines on an embedded device
Hello everyone,
This is my first post to the list here, so please bear with me.
I'm building OpenSSL for an embedded device that has no hardware crypto
devices.
As far as I understand, that means I don't need any of the 'engine'
libraries, is that true? I'm assuming that the default 'openssl' engine
is built directly into libssl.
Obviously, my goal is to install openssl with only the bare minimums for
what I need so that it takes up as little space as possible. For my
purposes, and how I've done this in the past, involves only libssl and
libcrypto as shared objects. I only need the actual openssl executable
for a 1 time operation, but I've included it on my filesystem anyway.
The relevent ./Configure options I use at the moment are:
shared no-static no-cast no-md2 no-mdc2 no-rc2 no-rc4 no-rc5 no-dso
no-idea no-krb5 no-ripemd
I only need openssl for 1 thing actually - openvpn - but i'd rather have
the shared objects on hand just in case i need to link anything else
with it.
Is there a Configure option / Makefile environment variable that will
entirely skip the creation of extraneous engine libraries?
Cheers,
Chris
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
