OpenSSL-enabled apps should, on installation to an 11.11 site host, do everything they have to to ensure proper operation. Even though it's well-known in cryptographic circles, the need for secure random numbers for cryptography is not well-known in the rest of the computer-using world; documenting "This application uses OpenSSL, which requires cryptographically-secure random numbers which are provided by the prngd process; if prngd is not running, it will be started by this application" without giving the user an option is probably the best thing that could be done to ensure proper behavior.
(Though I do have to ask whether any security bugs have historically been found in prngd. I don't use HP/UX, so...)

-Kyle H

On Thu, Sep 4, 2008 at 1:28 PM, Welling, Conrad Gerhart <[EMAIL PROTECTED]> wrote:
> Mike:
> I appreciate the clarification on HPUX 11.11 RNG. When I scanned HPUX
> documentation for RNG info a couple of months back, it was not totally clear
> to me what my OpenSSL-enabled app should do when installed on a 11.11 site
> host. One take was to, upon installation on 11.11, ask installer if they
> were ok with having the app start RNG if needed, then figuring out if it was
> needed.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Huey, Mike
> Sent: Wednesday, September 03, 2008 3:58 PM
> To: openssl-users@openssl.org
> Subject: RE: Error when creating certificate in HPUX
>
>
> If you are on 11.11 you need to see if you have random number generator
> installed. You can get the rand gen product for 11.11 from:
> http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
>
> If you do not want to install a random number generator, then check to see if
> prngd is running. If prngd is not running you can start it by
>
> :/sbin/init.d/prngd.rc start
>
> It would be useful to know what version of HP-UX and OpenSSL you are using.
>
> You can get the latest openssl for HP-UX at:
> http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I
>
> -Mike
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tan, Liao
> Sent: Wednesday, September 03, 2008 5:52 AM
> To: openssl-users@openssl.org
> Subject: Error when creating certificate in HPUX
>
> Folks,
> I'm trying to find solution for this issue.
> When running the command below
>
> openssl genrsa -des3 -out mydomain.com.key 1024
>
> to create the key pair certificate, it gives me the error:
>
> =====================
> warning, not much extra random data, consider using the -rand option
> Generating RSA private key, 1024 bit long modulus
> 26995:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
> seeded:md_rand.c:503:You need to read the OpenSSL FAQ,
> http://www.openssl.org/support/faq.html
> 26995:error:04081003:rsa routines:RSA_BUILTIN_KEYGEN:BN lib:rsa_gen.c:183:
> =====================
>
> Please, any idea on what's going on? This is a production machine, I'm in touch
> with the SA, I won't be able to perform tests, reallocate files, etc.
>
> Please your prompt attention.
> Thank you
> Ingrid
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
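
An added example, not part of the original thread or of OpenSSL: a shell pre-flight check an installer could run to confirm an entropy source exists before invoking OpenSSL, and to recognise the error quoted in the thread. The path lists are assumed to match the defaults compiled into OpenSSL of that era; the function names and the root-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight entropy check for an OpenSSL-enabled application.
# Assumption: path lists follow the defaults compiled into OpenSSL of this era
# (DEVRANDOM and DEVRANDOM_EGD in e_os.h); adjust them for a custom build.
DEVICES="/dev/urandom /dev/random /dev/srandom"
EGD_SOCKETS="/var/run/egd-pool /dev/egd-pool /etc/egd-pool /etc/entropy"

# Print the first usable entropy source, or return 1 if there is none.
# $1 is a hypothetical root prefix, used only to test against a fixture tree.
find_entropy_source() {
    root="${1:-}"
    for d in $DEVICES; do
        # A kernel RNG device must be a readable character device.
        if [ -c "$root$d" ] && [ -r "$root$d" ]; then
            echo "device:$d"; return 0
        fi
    done
    for s in $EGD_SOCKETS; do
        # prngd/EGD exposes its pool as a UNIX-domain socket.
        if [ -S "$root$s" ]; then
            echo "egd:$s"; return 0
        fi
    done
    return 1
}

# Return 0 if OpenSSL output on stdin contains the unseeded-PRNG error.
is_prng_unseeded() {
    grep -q 'PRNG not seeded'
}

# Constructed sample: the error text quoted in the thread, joined onto one line.
SAMPLE_ERR='26995:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:503:'

# Report the result; the remediation text repeats the advice given in the thread.
preflight() {
    if src=$(find_entropy_source "${1:-}"); then
        echo "ok: $src"
    else
        echo "fail: no RNG device or prngd/EGD socket found;" \
             "install the RNG product or run /sbin/init.d/prngd.rc start"
        return 1
    fi
}
```

Call `preflight || exit 1` at install time so the application refuses to generate keys without a seeded PRNG.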