The alrng software utility can be used to verify the AlphaRNG installation status and to retrieve true random bytes from a AlphaRNG.
Note: It will require sudo permissions when using alrng utility with Linux or freeBSD based systems.
Linux, freeBSD, macOS and Windows
The software kit contains C++ source files that can be included in other projects for communicating with the AlphaRNG device directly.
AlphaRNG devices are viewed by Linux as ttyACM devices, by macOS as cu.usbmodem devices and by Windows as COM ports.
After the AlphaRNG device is plugged into an available USB port, to verify that the device was successfully configured, run the following from the command line:
alrng –l
When the SwiftRNG device is successfully installed and ready, the output from running the above command should look similar to this:
Device 0: 'Alpha True RNG ', S/N: F0383F99E34084B, version: 1.0
Where:
- Device – logical device number starting with 0
- ‘Alpha True RNG ‘ – RNG device model
- S/N – Unique serial number assigned to each AlphaRNG device when manufactured
- version – AlphaRNG device version
Retrieving entropy bytes
Using a secure connection with AES-256-GCM cipher
By default, alrng uses AES-256-GCM cipher to secure data transmission over the USB interface.
To retrieve 120,000 bytes of entropy from the AlphaRNG device to rnd.bin file using default settings, enter the following command:
alrng -e -o rnd.bin -n 120000
Using a secure connection with AES-256-GCM cipher and HMAC
By default, the MAC verification is disabled in alrng.
To retrieve 120,000 bytes of entropy from the AlphaRNG device to rnd.bin file using AES-256-GCM cipher and HMAC-SHA-256 verification, enter the following command:
alrng -e -o rnd.bin -n 120000 -m hmacSha256
Using a non secure connection
You can disable the cipher to achieve maximum data transfer rate over the USB interface.
To retrieve 120,000 bytes of entropy from the AlphaRNG device to rnd.bin with security disabled:
alrng -e -o rnd.bin -n 120000 -c none
Continuous retrieve operation
To continuously retrieve entropy from the SwiftRNG device to rnd.bin file using default (AES-256-GCM) cipher:
alrng -e -o rnd.bin
RSA encryption
By default, alrng utilizes RSA-2048 encryption with a built-in RSA 2048-bit key for establishing the initial secure connection with any AlphaRNG device.
To improve security, each AlphaRNG is shipped with a unique public RSA 2048-bit key that can be exclusively used with one such device.
To retrieve 12,000 random bytes from the AlphaRNG device to a file over a secure connection using the supplied unique public RSA 2048-bit key:
alrng -e -o rnd.bin -n 12000 -k public_key-XYZ.pem
Retrieving RAW random data from device internal noise sources
With alrng it is possible to retrieve raw (unprocessed) bytes from each of two noise sources of the AlphaRNG device.
The feature is used by AlphaRNG Software Kit for inspecting and validating the noice sources. It can also be used for estimating the quality of a source of entropy as part of the Entropy Assessment software developed by NIST (NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation).
To retrieve 1,200,000 of raw bytes from the noise source 1 to rnd.bin file:
alrng -1 -n 1200000 -o rnd.bin
To retrieve 1,200,000 of raw bytes from the noise source 2 to rnd.bin file:
alrng -2 -n 1200000 -o rnd.bin
Other commands and options available
A complete list of commands and options available with alrng can be retrieved using the following command:
alrng -h
Non-root access on Linux
To enable a non-root user to access the AlphaRNG device, simply copy the supplied 85-alpharng-usb-access.rules file to /etc/udev/rules.d/ location.
You may need to reboot the system for the changes to take effect. The non-root user access can be verified using the following command:
alrng –l