Date: Sun, 11 Nov 2007 18:47:22 +0000
From: RW
To: freebsd-questions@freebsd.org
Subject: Re: ' Openssl.cnf ' and ' .rand ' file
Message-ID: <20071111184722.5d260114@gumby.homeunix.com.>
In-Reply-To: <846921.73269.qm@web34404.mail.mud.yahoo.com>

On Sat, 10 Nov 2007 11:22:10 -0800 (PST)
White Hat wrote:

> openssl 0.9.7e-p1 25 Oct 2004
>
> I have not been able to find an answer to this question on Google, so
> I figured I had better ask it here.
> In the '/etc/ssl/openssl.cnf' file, there is an entry for:
>
> RANDFILE = $dir/private/.rand # private random number file
>
> Well, that file does not exist. I cannot find it anywhere on my
> system and I have not been able to figure out how to create it.

It's in the CA section so it's only used if you are signing keys.
Normally openssl reads and writes entropy to ~/.rnd, which it creates
itself. I guess the above setting is just there to allow a different
file for signing - perhaps in a more secure location.

I would think these files are normally redundant since FreeBSD manages
entropy itself.
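
Added example (not part of the message above and not OpenSSL's own code): a small audit script that reports which section each RANDFILE entry belongs to, what path it resolves to, whether that file exists, and whether group or other users can access it. The sample configuration is constructed, the function names are hypothetical, and the parser handles only simple `name = value` lines and `$name`, `${name}`, `$section::name` and `$ENV::name` references.

```python
import os
import re

# Constructed sample modelled on the entry quoted in the thread; not a real system file.
SAMPLE_CNF = """\
RANDFILE = $ENV::HOME/.rnd
[ CA_default ]
dir = ./demoCA
RANDFILE = $dir/private/.rand   # private random number file
"""
VAR = re.compile(r"\$\{?(?:(\w+)::)?(\w+)\}?")

def parse(text):
    """Return {section: {name: raw value}}; entries before any header go in 'default'."""
    sections, current = {"default": {}}, "default"
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            name, value = line.split("=", 1)
            sections[current][name.strip()] = value.strip()
    return sections

def expand(value, section, sections, env):
    """Expand $name, ${name}, $section::name and $ENV::name references."""
    def lookup(m):
        sec, name = m.groups()
        if sec == "ENV":
            return env.get(name, "")
        scope = sections.get(sec or section, {})
        return scope.get(name, sections["default"].get(name, ""))
    return VAR.sub(lookup, value)

def randfile_report(text, env=None):
    """Return (section, resolved path, exists, group/other-accessible) per RANDFILE entry."""
    env = os.environ if env is None else env
    sections, report = parse(text), []
    for section, entries in sections.items():
        if "RANDFILE" in entries:
            path = expand(entries["RANDFILE"], section, sections, env)
            exists = os.path.isfile(path)
            loose = exists and bool(os.stat(path).st_mode & 0o077)
            report.append((section, path, exists, loose))
    return report

if __name__ == "__main__":
    print(randfile_report(SAMPLE_CNF))
```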