Last active
September 27, 2015 17:36
-
-
Save arobb/726b604114856d60e03a to your computer and use it in GitHub Desktop.
Enable Raspberry Pi HRNG and generate OpenSSL Elliptic Keys
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# From | |
# https://sites.google.com/site/astudyofentropy/project-definition/raspberry-pi-internal-hardware-random-number-generator | |
# http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/ | |
# Install the kernel module for the hardware RNG | |
# After this command, random data is available from /dev/hwrng | |
sudo modprobe bcm2708-rng | |
# Make sure it's activated each boot | |
# Add this to /etc/modules | |
bcm2708-rng | |
# Install random data tools (testing randomness) | |
sudo apt-get install rng-tools | |
# Generate new key and CSR. Based on | |
# http://security.stackexchange.com/questions/58077/generating-ecdsa-certificate-and-private-key-in-one-step | |
# http://superuser.com/questions/226192/openssl-without-prompt | |
# https://www.godaddy.com/help/generating-nginx-csrs-certificate-signing-requests-3601 | |
touch test.key | |
chmod 0600 test.key | |
openssl req -new -nodes -rand /dev/hwrng -newkey ec:<(openssl ecparam -name secp384r1) -subj "/C=US/ST=California/L=City/O=Person/OU=Site/CN=domainname" -keyout test.key -out test.crt -sha384 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment