Merge pull request #209 from mirko/master
Add option to retrieve additional entropy from YubiKey itself
commit
d306be5a67
13
README.md
|
@ -320,6 +320,18 @@ $ cat /proc/sys/kernel/random/entropy_avail
|
||||||
|
|
||||||
Most operating systems use software-based pseudorandom number generators. A hardware random number generator like [OneRNG](https://onerng.info/onerng/) will [increase the speed](https://lwn.net/Articles/648550/) of entropy generation and possibly the quality.
|
Most operating systems use software-based pseudorandom number generators. A hardware random number generator like [OneRNG](https://onerng.info/onerng/) will [increase the speed](https://lwn.net/Articles/648550/) of entropy generation and possibly the quality.
|
||||||
|
|
||||||
|
From YubiKey firmware version 5.2.3 onwards - which introduces "Enhancements to OpenPGP 3.4 Support" - we can gather additional entropy from the YubiKey itself via the SmartCard interface.
|
||||||
|
|
||||||
|
## YubiKey
|
||||||
|
|
||||||
|
To feed the system's PRNG with entropy generated by the YubiKey itself, issue:
|
||||||
|
```console
|
||||||
|
$ echo "SCD RANDOM 512" | gpg-connect-agent | sudo tee /dev/random | hexdump -C
|
||||||
|
```
|
||||||
|
This will seed the Linux kernel's PRNG with additional 512 bytes retrieved from the YubiKey.
|
||||||
|
|
||||||
|
## OneRNG
|
||||||
|
|
||||||
Install and configure OneRNG software:
|
Install and configure OneRNG software:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
|
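Review bot: The sentence after the command, "This will seed the Linux kernel's PRNG with additional 512 bytes retrieved from the YubiKey", overstates what the pipeline does. `gpg-connect-agent` prints Assuan response lines (a `D ` prefix, percent-escaped bytes and a trailing `OK`), so what `tee` writes to `/dev/random` is the framed response, not 512 raw bytes. A plain write to `/dev/random` also mixes the data into the pool without crediting entropy, so the `cat /proc/sys/kernel/random/entropy_avail` check shown in the hunk context will not rise after running it. Suggest rewording to say the output is mixed into the pool, and noting that crediting needs a tool that uses the `RNDADDENTROPY` ioctl, such as `rngd`. Two smaller points: the firmware 5.2.3 paragraph sits above the new `## YubiKey` heading, so it renders under the previous section and should move below the heading; and "with additional 512 bytes" should read "with an additional 512 bytes".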
@ -2447,3 +2459,4 @@ Admin PIN: 12345678
|
||||||
* https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/
|
* https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/
|
||||||
* https://mlohr.com/gpg-agent-forwarding/
|
* https://mlohr.com/gpg-agent-forwarding/
|
||||||
* https://www.ingby.com/?p=293
|
* https://www.ingby.com/?p=293
|
||||||
|
* https://support.yubico.com/support/solutions/articles/15000027139-yubikey-5-2-3-enhancements-to-openpgp-3-4-support
|
||||||
|
|
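Review bot: The new reference is only appended to the end of the links list, while the README paragraph that quotes "Enhancements to OpenPGP 3.4 Support" carries no link to it. Suggest linking the quoted phrase inline to this Yubico article, the same way the OneRNG sentence links its sources, so readers can check the firmware 5.2.3 requirement from the place where it is stated.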