OpenSSL is a cryptography toolkit that implements the Secure Sockets Layer and Transport Layer Security network protocols and related cryptography standards.
The openssl program is a command line tool that can be used for the following:
- Public/Private keys creation and management
- Public key cryptographic operations
- Generating X.509 certificates, CSRs and CRLs
- Generating Message Digests
- Encryption/Decryption with Ciphers
With OpenSSL, a RAND engine can be loaded dynamically, via an entry in the openssl.cnf file, and provide cryptographic primitive support to the framework.
OpenSSL will search for this file in a precompiled location or at the path given by an environment variable.
The latest SwiftRNG Software Kit comes with the eng_swiftrng.cpp source code file, which can be used to create the dynamically linked shared object library eng_swiftrng.so.
The library can then be loaded as a RAND engine and used by the openssl program to interface with a SwiftRNG device.
The following will demonstrate how to build the eng_swiftrng.so artifact and create a proper openssl.cnf configuration file.
Step 1 - download the software kit
You will need to download the source code, build utilities and components for your specific OS. The SwiftRNG software kit can be downloaded from this location. Alternatively, it can be downloaded with git using the following command:
git clone https://github.com/tectrolabs/swiftrng.git
Locate the source code with the following command:
cd swiftrng/linux-and-macOS/swrng/
Step 2 - install required components
Follow the steps outlined in section Building utilities on Linux and macOS for installing the required dependencies for your specific OS.
Step 3 - install additional components
On Ubuntu, this can be done with the following commands:
sudo apt install g++
sudo apt install openssl
sudo apt install libssl-dev
On CentOS or Red Hat, use the following commands to install the required dependencies:
sudo yum install gcc-c++
sudo yum install openssl
sudo yum install openssl-devel
On macOS, the openssl dependency can be installed by running the following from the command line:
brew install openssl
On FreeBSD, use the following command to install the required gcc dependency:
sudo pkg install lang/gcc
Step 4 - build the eng_swiftrng.so artifact
The eng_swiftrng.so shared library can be built on Linux and macOS with the following make command:
make eng_swiftrng
On FreeBSD the library can be built as follows:
make -f Makefile.bsd eng_swiftrng
Step 5 - create the openssl.cnf file
Create the openssl.cnf file with the following content (replace <path> with the proper location):
# This must be in the default section
openssl_conf = openssl_init
[openssl_init]
engines = engine_section
[engine_section]
swiftrng = swiftrng_section
[swiftrng_section]
engine_id = swiftrng
dynamic_path = /<path>/eng_swiftrng.so
Note: The Software Kit already contains an openssl.cnf file that can be used as a sample.
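As an added example (not code from the SwiftRNG kit or from this page), the POSIX shell check below follows the same section chain OpenSSL walks when reading the file above: the openssl_conf key in the default section, then engines, then the per-engine section with engine_id and dynamic_path. It reports the first broken link, and it refuses a world-writable shared object because OpenSSL loads that file into every process that reads the config; the sample config, the temp directory and the empty stand-in eng_swiftrng.so it creates are constructed for the demo.

```shell
# Added example (not from the SwiftRNG kit): follow the section chain openssl.cnf
# uses to load a dynamic engine and report the first broken link.

# ini_get FILE SECTION KEY: print KEY's value in [SECTION] ("" = default section).
ini_get() {
  awk -v sec="$2" -v key="$3" '
    /^[[:space:]]*[#;]/ { next }                      # skip comment lines
    /^[[:space:]]*\[/ { cur = $0                      # [section] header
                        sub(/^[[:space:]]*\[/, "", cur); sub(/\].*$/, "", cur); next }
    cur == sec && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
      if (k == key) { v = substr($0, index($0, "=") + 1)
                      gsub(/^[[:space:]]+|[[:space:]]+$/, "", v); print v; exit }
    }' "$1"
}

# check_engine_cnf FILE ENGINE_ID: return 0 if FILE wires ENGINE_ID to an existing,
# non-world-writable shared object; otherwise print the reason and return 1.
check_engine_cnf() {
  cnf=$1; want=$2
  init=$(ini_get "$cnf" "" openssl_conf)
  [ -n "$init" ] || { echo "no openssl_conf key in the default section"; return 1; }
  eng=$(ini_get "$cnf" "$init" engines)
  [ -n "$eng" ] || { echo "[$init] has no 'engines' key"; return 1; }
  sec=$(ini_get "$cnf" "$eng" "$want")
  [ -n "$sec" ] || { echo "[$eng] does not list engine '$want'"; return 1; }
  id=$(ini_get "$cnf" "$sec" engine_id)
  [ "$id" = "$want" ] || { echo "[$sec] engine_id is '$id', expected '$want'"; return 1; }
  so=$(ini_get "$cnf" "$sec" dynamic_path)
  [ -f "$so" ] || { echo "dynamic_path '$so' is not a file"; return 1; }
  # OpenSSL dlopen()s this file into every process that reads the config, so
  # anyone who can write it can run code in those processes: refuse o+w objects.
  [ "$(ls -ld "$so" | cut -c9)" = "-" ] || { echo "'$so' is world-writable"; return 1; }
  echo "ok: engine '$want' -> $so"
}

# Stand-alone demo: constructed config plus an empty stand-in .so in a temp dir.
demo_dir=$(mktemp -d)
: > "$demo_dir/eng_swiftrng.so"; chmod 644 "$demo_dir/eng_swiftrng.so"
printf '%s\n' 'openssl_conf = openssl_init' '[openssl_init]' 'engines = engine_section' \
  '[engine_section]' 'swiftrng = swiftrng_section' '[swiftrng_section]' \
  'engine_id = swiftrng' "dynamic_path = $demo_dir/eng_swiftrng.so" > "$demo_dir/openssl.cnf"
check_engine_cnf "$demo_dir/openssl.cnf" swiftrng   # prints "ok: engine 'swiftrng' -> ..."
rm -r "$demo_dir"
```

To check a real setup, call check_engine_cnf with the path you export in OPENSSL_CONF and the engine_id from your config.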
Step 6 - set the environment variable
Set the environment variable or place the openssl.cnf file in the correct location.
Setting the csh environment variable OPENSSL_CONF
setenv OPENSSL_CONF /<somepath>/openssl.cnf
Setting the bash environment variable OPENSSL_CONF
export OPENSSL_CONF=/<somepath>/openssl.cnf
NOTE: The path can be relative to the current directory, e.g. ./openssl.cnf; just be conscious of where you are when you're starting the openssl program binary.
Step 7 - verify the engine is loaded
Verify the engine is loaded (may need sudo or root permissions to open the SwiftRNG device):
sudo -E openssl engine
The response should contain the following line:
(swiftrng) SwiftRNG RAND engine
Step 8 - generate random data using OpenSSL and a SwiftRNG device
To generate a random password in hex format, run the following command:
sudo -E openssl rand -hex 20
To generate a random password in base64 format:
sudo -E openssl rand -base64 20
To generate an RSA-2048 key:
sudo -E openssl genrsa 2048
To generate a binary file with 10,000 random bytes:
sudo -E openssl rand -out random.bin 10000