Copy/download the quick build steps file and execute it with sh quick-build-steps.sh and if you are on Debian and have Docker it should fetch the Dockerfile here which when run with the docker build in the script clones scdtools and installs scdrand (and scdtotp) on your host system.
After you've installed it you can run sudo scdrand to get try and add some entropy to the kernel pool.
| FROM debian | |
| # Original location: https://gist.github.com/dragon788/54eb8592136192787e6f997e1ed0917a/ | |
| ENV DEBIAN_FRONTEND=noninteractive | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| ca-certificates \ | |
| gnupg \ | |
| autoconf \ | |
| automake \ | |
| build-essential \ | |
| libtool \ | |
| shtool \ | |
| libgcrypt20-dev \ | |
| libassuan-dev \ | |
| libgpg-error-dev \ | |
| git | |
| WORKDIR / | |
| RUN git clone https://git.incenp.org/damien/scdtools.git | |
| WORKDIR /scdtools | |
| RUN autoreconf --install && \ | |
| ./configure && \ | |
| make && \ | |
| make install | |
| # The above will drop the binary into the host system's /usr/local/bin if it was mapped as a bind mount | |
| # Put this Dockerfile in an empty directory and run the next two commands | |
| # docker build -t sctools . | |
| # docker run --mount type=bind,source=$(pwd),target=/scdtools --mount type=bind,source=/usr/local/bin/,target=/usr/local/bin/ -w /scdtools scdtools |
| #!/bin/bash | |
| # Original location: https://gist.github.com/dragon788/54eb8592136192787e6f997e1ed0917a/ | |
| set -u | |
| # Referenced by Nitrokey in their docs, borrowed from https://lists.archive.carbon60.com/gnupg/users/80681#80681 | |
| if [ "$(whoami)" != "root" ]; then | |
| echo "Must be root (only root can add entropy to the kernel)" | |
| exit 1 | |
| fi | |
| : ${SCDRAND_REQ_BYTES:=512} \ | |
| ${SCDRAND_INTERVAL:=2s} | |
| echo "Activating scdaemon" | |
| gpg2 --card-status | |
| current_bytes=$(( $(cat "/proc/sys/kernel/random/entropy_avail") / 8)) | |
| echo "${WIPE_ENTROPY:+'Wiping entropy not requested'}" | |
| if [ -z "${WIPE_ENTROPY:-}" ]; the | |
| echo "Emptying existing kernel random pool ($current_bytes)" | |
| dd if=/dev/random of=/dev/null bs=1 count="$current_bytes" | |
| fi | |
| echo "Starting scdrand with:" | |
| echo " - sleep time $SCDRAND_INTERVAL" | |
| echo " - continuously add $SCDRAND_REQ_BYTES random bytes from smartcard" | |
| scdrand -l -i $SCDRAND_INTERVAL $SCDRAND_REQ_BYTES & | |
| sleep 3 | |
| watch -n 1 cat "/proc/sys/kernel/random/entropy_avail" |
| #!/bin/sh | |
| # Original location: https://gist.github.com/dragon788/54eb8592136192787e6f997e1ed0917a/ | |
| set -euo pipefail | |
| set -x | |
| # Run this script to fetch the Dockerfile and then build a container that clones the latest version of scdtools and builds it | |
| hash apt-get || { echo "This script currently grabs a Dockerfile only suitable for building on Debian/Ubuntu based systems"; exit 3; } | |
| hash docker || { echo "Docker not found, please install it from your package manager or https://get.docker.com"; exit 2; } | |
| # You should examine this file on Github to make sure you understand the steps it is performing on your behalf | |
| buildtemp=$(mktemp -d tmp-scdtools.XXXXXXX) | |
| cleanup() { cd ; rm -rf $buildtemp; } | |
| trap cleanup ERR EXIT | |
| cd $buildtemp | |
| curl -LO https://gist.githubusercontent.com/dragon788/54eb8592136192787e6f997e1ed0917a/raw/Dockerfile | |
| docker build -t scdtools . | |
| docker run --mount type=bind,source=$(pwd),target=/scdtools --mount type=bind,source=/usr/local/bin/,target=/usr/local/bin/ -w /scdtools scdtools |