/
yhsm-linux-add-entropy.1
69 lines (60 loc) · 1.98 KB
/
yhsm-linux-add-entropy.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
.\" Copyright (c) 2011 Yubico AB
.\" See the file COPYING for license statement.
.\"
.de URL
\\$2 \(laURL: \\$1 \(ra\\$3
..
.if \n[.g] .mso www.tmac
.TH yhsm-linux-add-entropy "1" "December 2011" "python-pyhsm"
.SH NAME
yhsm-linux-add-entropy \(hy Seed the Linux entropy pool with data from YubiHSM TRNG
.SH SYNOPSIS
.B yhsm-linux-add-entropy
[\fIoptions\fR]
.SH DESCRIPTION
The YubiHSM uses "Avalanche Noise" TRNG together with USB SOF jitter sampling
to feed a DRBG_CTR algorithm (NIST publication SP800-90). The result has been
verified as being random data of good quality by at least one third party
cryptographer.
.URL "http://sartryck.idg.se/Art/Yubihsm_1_TW072011.html"
Use this program to add random data from the YubiHSM to the entropy pool of
your Linux operating system. This is useful whenever lots of random data is needed,
such as when generating chryptographic keys (GPG-keys), on a server terminating SSL
sessions etc.
You may run this script from cron, or in a while-loop. Make sure it does not run
at the same time as something else accessing the YubiHSM though, or the two tasks
may interrupt each other \(hy probably making both fail.
.SH OPTIONS
.PP
.TP
\fB\-D\fR, \fB\-\-device\fR
device file name (default: /dev/ttyACM0).
.TP
\fB\-v\fR, \fB\-\-verbose\fR
enable verbose operation.
.TP
\fB\-c\fR, \fB\-\-count\fR
number of iterations to run (default: 100).
.TP
\fB\-r\fR, \fB\-\-ratio\fR
bits per byte read to use. 8 is probably fine, but as a conservative default 2 is used.
.TP
\fB\-\-debug\fR
enable debug printout, including all data sent to/from YubiHSM.
.SH "EXIT STATUS"
.IX Header "EXIT STATUS"
.IP "\fB0\fR" 4
.IX Item "0"
Entropy added successfully
.IP "\fB1\fR" 4
.IX Item "1"
Failure
.SH BUGS
Report python-pyhsm/yhsm-linux-add-entropy bugs in
.URL "https://github.com/Yubico/python-pyhsm/issues/" "the issue tracker"
.SH "SEE ALSO"
The
.URL "https://github.com/Yubico/python-pyhsm/" "python-yubico home page"
.PP
YubiHSMs can be obtained from
.URL "http://www.yubico.com/" "Yubico" "."