The alrng software utility can be used to verify the AlphaRNG installation status and to retrieve true random bytes from an AlphaRNG.
Note: The alrng utility requires sudo permissions on Linux and FreeBSD based systems.
Linux, FreeBSD, macOS and Windows
The software kit contains C++ source files that can be included in other projects for communicating with the AlphaRNG device directly.
AlphaRNG devices are viewed by Linux as ttyACM devices, by macOS as cu.usbmodem devices and by Windows as COM ports.
After the AlphaRNG device is plugged into an available USB port, to verify that the device was successfully configured, run the following from the command line:
alrng -l
When the SwiftRNG device is successfully installed and ready, the output from running the above command should look similar to this:
Device 0: 'Alpha True RNG ', S/N: F0383F99E34084B, version: 1.0
Where:
- Device – logical device number starting with 0
- 'Alpha True RNG ' – RNG device model
- S/N – Unique serial number assigned to each AlphaRNG device when manufactured
- version – AlphaRNG device version
Retrieving entropy bytes
Using a secure connection with AES-256-GCM cipher
By default, alrng uses the AES-256-GCM cipher to secure data transmission over the USB interface.
To retrieve 120,000 bytes of entropy from the AlphaRNG device to the rnd.bin file using default settings, enter the following command:
alrng -e -o rnd.bin -n 120000
Using a secure connection with AES-256-GCM cipher and HMAC
By default, MAC verification is disabled in alrng.
To retrieve 120,000 bytes of entropy from the AlphaRNG device to the rnd.bin file using the AES-256-GCM cipher and HMAC-SHA-256 verification, enter the following command:
alrng -e -o rnd.bin -n 120000 -m hmacSha256
Using a non-secure connection
You can disable the cipher to achieve the maximum data transfer rate over the USB interface. With the cipher disabled, data is sent over the USB interface unencrypted.
To retrieve 120,000 bytes of entropy from the AlphaRNG device to rnd.bin with security disabled:
alrng -e -o rnd.bin -n 120000 -c none
Continuous retrieve operation
To continuously retrieve entropy from the SwiftRNG device to the rnd.bin file using the default (AES-256-GCM) cipher:
alrng -e -o rnd.bin
RSA encryption
By default, alrng utilizes RSA-2048 encryption with a built-in RSA 2048-bit key for establishing the initial secure connection with any AlphaRNG device.
To improve security, each AlphaRNG is shipped with a unique public RSA 2048-bit key that can be exclusively used with one such device.
To retrieve 12,000 random bytes from the AlphaRNG device to a file over a secure connection using the supplied unique public RSA 2048-bit key:
alrng -e -o rnd.bin -n 12000 -k public_key-XYZ.pem
Retrieving RAW random data from device internal noise sources
With alrng it is possible to retrieve raw (unprocessed) bytes from each of the two noise sources of the AlphaRNG device.
The feature is used by the AlphaRNG Software Kit for inspecting and validating the noise sources. It can also be used for estimating the quality of a source of entropy as part of the Entropy Assessment software developed by NIST (NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation).
To retrieve 1,200,000 raw bytes from noise source 1 to the rnd.bin file:
alrng -1 -n 1200000 -o rnd.bin
To retrieve 1,200,000 raw bytes from noise source 2 to the rnd.bin file:
alrng -2 -n 1200000 -o rnd.bin
Using optional SHA entropy extractors
To comply with NIST SP 800-90B section 3.1.5.1 and NIST FIPS PUB 180-4, alrng offers two options for using SHA-256 and SHA-512 entropy extractors.
These features are implemented by applying the SHA-256 or SHA-512 method to the concatenated RAW random bytes of both noise sources retrieved from the AlphaRNG device. The SHA input/output extraction ratio used is 2/1, so that two input bits are used to extract one bit of entropy.
A sample command for using the SHA-256 method to extract 1024 bytes of entropy into a file:
alrng -x -n 1024 -o rnd.bin
A sample command for using the SHA-512 method to extract 1024 bytes of entropy into a file:
alrng -X -n 1024 -o rnd.bin
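The 2/1 extraction ratio described above, as an added Python example that is not code from the AlphaRNG Software Kit. The function names and the block layout (equal-sized chunks of source 1 followed by source 2 in each hash input) are assumptions; this page does not document how alrng chunks the concatenated bytes.

```python
import hashlib

def bytes_per_source(n_out: int, algo: str = "sha256") -> int:
    """Raw bytes needed from EACH noise source to extract n_out bytes at 2:1."""
    digest_len = hashlib.new(algo).digest_size      # 32 (SHA-256) or 64 (SHA-512)
    blocks = -(-n_out // digest_len)                # ceiling division
    return blocks * digest_len

def extract(raw1: bytes, raw2: bytes, n_out: int, algo: str = "sha256") -> bytes:
    """Hash concatenated raw bytes of both sources, two input bits per output bit.

    Assumed layout (not taken from the alrng source): each hash input is
    digest_len bytes of source 1 followed by digest_len bytes of source 2.
    """
    if n_out <= 0:
        raise ValueError("n_out must be positive")
    step = hashlib.new(algo).digest_size
    need = bytes_per_source(n_out, algo)
    if len(raw1) < need or len(raw2) < need:
        # Never pad or reuse raw input: that would silently lower the ratio.
        raise ValueError(f"need {need} raw bytes per source")
    out = bytearray()
    for off in range(0, need, step):
        block = raw1[off:off + step] + raw2[off:off + step]   # 2 * step bytes in
        out += hashlib.new(algo, block).digest()              # step bytes out
    return bytes(out[:n_out])

if __name__ == "__main__":
    # Constructed, non-random stand-ins for the files written by
    # "alrng -1 ..." and "alrng -2 ..."; real use would read those files.
    raw1 = bytes(range(256)) * 4
    raw2 = bytes(reversed(range(256))) * 4
    for algo in ("sha256", "sha512"):
        out = extract(raw1, raw2, 1024, algo)
        print(algo, len(raw1) + len(raw2), "raw bytes in ->", len(out), "bytes out")
```

Extracting 1024 bytes consumes 1024 raw bytes from each source (2048 in total) with either hash; only the block size differs.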
Other commands and options available
A complete list of commands and options available with alrng can be retrieved using the following command:
alrng -h
Non-root access on Linux
To enable a non-root user to access the AlphaRNG device, copy the supplied 85-alpharng-usb-access.rules file to the /etc/udev/rules.d/ location.
You may need to reboot the system for the changes to take effect. The non-root user access can be verified using the following command:
alrng -l