OpenSSL is a cryptography toolkit that implements the Secure Sockets Layer and Transport Layer Security network protocols and related cryptography standards.

The openssl program is a command line tool that can be used for the following:

  • Public/Private keys creation and management
  • Public key cryptographic operations
  • Generating X.509 certificates, CSRs and CRLs
  • Generating Message Digests
  • Encryption/Decryption with Ciphers

With OpenSSL, a RAND engine can be loaded dynamically, via an entry in the openssl.cnf file, and provide cryptographic primitive support to the framework. OpenSSL will search for this file in a precompiled location or through the use of an environment variable.

The latest SwiftRNG Software Kit comes with the eng_swiftrng.cpp source code file, that can be used to create a dynamically linked shared object library The library then can be loaded as a RAND engine and used by the openssl program to interface a SwiftRNG device.

The following will demonstrate how to build artifact and create a proper openssl.cnf configuration file.

Step 1 - download the software kit

You will need to download the source code and build utilities and components for specific OS. The SwiftRNG software kit can be downloaded from this location. Alternatively it can be downloaded with git using the following command:

git clone

Locate the source code with the following command:

cd swiftrng/linux-and-macOS/swrng/

Step 2 - install required components

Follow the steps outlined in section Building utilities on Linux and macOS for installing required dependencies for specific OS.

Step 3 - install additional components

On Ubuntu, this can be done with the following commands:

sudo apt install g++
sudo apt install openssl
sudo apt install libssl-dev

On CentOS or Red Hat, use the following commands to install the required dependencies:

sudo yum install gcc-c++
sudo yum install openssl
sudo yum install openssl-devel

On macOS, the openssl dependency can be installed by running the following from the command line:

brew install openssl

On FreeBSD, use the following command to install the gcc required dependency:

sudo pkg install lang/gcc

Step 4 - build artifact

The shared library can be build on Linux and macOS with the following make command:

make eng_swiftrng

On FreeBSD the library can be build as following:

make -f Makefile.bsd eng_swiftrng

Step 5 - create openssl.cnf file

Create the openssl.cnf file with the following content (replace <path> with a proper location):

# This must be in the default section
openssl_conf = openssl_init

engines = engine_section

swiftrng = swiftrng_section

engine_id = swiftrng
dynamic_path = /<path>/

Note: The Software Kit already contains the openssl.cnf file that can be used as a sample.

Step 6 - set the environment variable

Set the environment variable or place the openssl.cnf file in the correct location.

Setting the csh environment variable OPENSSL_CONF

setenv OPENSSL_CONF /<somepath>/openssl.cnf

Setting the bash environment variable OPENSSL_CONF

export OPENSSL_CONF=/<somepath>/openssl.cnf

NOTE: Path can be relative to the current directory e.g. ./openssl.cnf, just be conscious of where you are when you’re starting the openssl program binary.

Step 7 - verify the engine is loaded

Verify the engine is loaded (may need sudo or root permissions to open the SwiftRNG device):

sudo -E openssl engine

The response should contain the following line:

(swiftrng) SwiftRNG RAND engine

Step 8 - generate random data using OpenSSL and a SwiftRNG device

To generate a random password in hex format, run the following command:

sudo -E openssl rand -hex 20

To generate a random password in base64 format:

sudo -E openssl rand -base64 20

To generate an RSA-2048 key:

sudo -E openssl genrsa 2048

To generate a binary file with 10,000 random bytes:

sudo -E openssl rand -out random.bin 10000