Do I need to seed any random number generator before using EVP_PKEY_keygen of OpenSSL?

Problem description

On the OpenSSL Wiki page called EVP Key and Parameter Generation it states the following:


Since these functions use random numbers you should ensure that the random number generator is appropriately seeded

But nowhere on EVP_PKEY_keygen does it make mention of seeding a random number generator. It only discusses the low-level doc pages for non-EVP functions for generating keys.

I have also searched and everywhere no mention is made of seeding when the EVP functions are used.

So my question is: may I assume that the seeding is done internally for me in the higher-level EVP functions?

If I do need to do it then which functions must I have a look at?

Recommended answer


but nowhere on https://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html it makes any mention of seeding a random number generator....

See the OpenSSL wiki page Random Numbers. It takes you through it in grueling detail.


... no mention is made of seeding when the EVP functions are used

The EVP functions use whatever generator is in use for the library. It could be md_rand or a FIPS AES/CTR generator. There's nothing special to get random numbers for the EVP functions (as opposed to other functions).


May I assume that the seeding is done internally for me in the higher-level EVP functions?

Yes, if you did not seed the generator yourself. If you seeded the generator and there's sufficient entropy, then it will not auto-seed itself.

You should avoid allowing the generator to auto-seed itself. See the OpenSSL wiki page Random Numbers for the details.

There's nothing special about seeding/auto-seeding a generator when using EVP interfaces. Whatever you do applies to everything.


If I do need to do it then which functions must I have a look at?

The OpenSSL wiki page Random Numbers provides more details, but you should do something like:

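#include <openssl/rand.h>

/* Seed the library's generator with 32 bytes read from /dev/urandom;
   RAND_load_file returns the number of bytes it read. */
int rc = RAND_load_file("/dev/urandom", 32);
if(rc != 32) {
    /* RAND_load_file failed */
}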

/* OK to proceed */

You want to avoid a direct call to RAND_poll, and you want to avoid auto-seeding (which calls RAND_poll internally).
