Read random bytes from Gnuk potentially frequently without destroying the card

John Scott jscott at posteo.net
Sun Nov 20 05:59:32 CET 2022


Hi all,

Just for fun and because I have extra Gnuk tokens lying around, I'd like
to try writing a program for my libreCMC router that feeds the Linux
entropy pool with data from the token's true RNG. The help text for
scdaemon states
> # RANDOM <nbytes>
> # 
> # Get NBYTES of random from the card and send them back as data.
> # This usually involves EEPROM write on the card and thus excessive
> # use of this command may destroy the card.

I note that the help text says "usually." Can anyone confirm whether
Gnuks specifically do a ROM write in this case?

If they still do the write, I have a follow-up question.

I also notice that OpenSC has the feature to get an arbitrary number of
random bytes from the card with its OpenPGP module (it's not limited to
256 like requests to scdaemon are), like this:
$ pkcs11-tool --generate-random 1024

I realize this isn't the list for OpenSC questions, but does this
probably use the same mechanism under the hood and hence invoke a write
as well, or is there a chance that it avoids the write?

Thanks for the excellent libre software, and happy hacking
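
An added example, not part of the original message and not GnuPG or Gnuk code: the two pieces such a feeder program needs in C, decoding an Assuan data line (the form in which scdaemon returns RANDOM output as data) and mixing the bytes into the Linux pool with the RNDADDENTROPY ioctl. The function names and the MAX_CHUNK constant (set to the 256-byte limit mentioned in the post) are assumptions; fetching the lines from scdaemon is left out.

```c
#include <linux/random.h>  /* RNDADDENTROPY, struct rand_pool_info */
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>

#define MAX_CHUNK 256      /* per-request limit the post cites for scdaemon */

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;             /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode one Assuan data line ("D " + payload, %XX escapes) of len bytes.
 * Length-based because raw NUL bytes are legal in the payload.
 * Returns the byte count, or -1 if malformed or larger than cap. */
long assuan_decode_d(const unsigned char *line, size_t len,
                     unsigned char *out, size_t cap) {
    size_t n = 0;
    if (len < 2 || line[0] != 'D' || line[1] != ' ') return -1;
    for (size_t i = 2; i < len && line[i] != '\n'; i++) {
        int c = line[i];
        if (c == '%') {
            if (i + 2 >= len) return -1;      /* truncated escape */
            int hi = hexval(line[i + 1]), lo = hexval(line[i + 2]);
            if (hi < 0 || lo < 0) return -1;
            c = hi * 16 + lo;
            i += 2;
        }
        if (n == cap) return -1;
        out[n++] = (unsigned char)c;
    }
    return (long)n;
}

/* Mix n bytes into the kernel pool via an open /dev/random fd, crediting
 * credit_bits of entropy (needs CAP_SYS_ADMIN). Returns 0 on success. */
int pool_add(int fd, const unsigned char *buf, size_t n, int credit_bits) {
    if (n > MAX_CHUNK || credit_bits < 0 || (size_t)credit_bits > n * 8)
        return -1;
    struct rand_pool_info *rpi = malloc(sizeof *rpi + n);
    if (!rpi) return -1;
    rpi->entropy_count = credit_bits;
    rpi->buf_size = (int)n;
    memcpy(rpi->buf, buf, n);
    int rc = ioctl(fd, RNDADDENTROPY, rpi);
    free(rpi);
    return rc;
}
```

Passing 0 for credit_bits mixes the data in without raising the kernel's entropy estimate, which is the conservative choice until the token's output has been assessed.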