[Help-gnutls] Alternate random device for certtool
wk at gnupg.org
Thu Dec 4 12:36:06 CET 2008
On Sat, 29 Nov 2008 09:21, nmav at gnutls.org said:
> I upgraded to gcrypt 1.4.4 and I notice the same delay, and strace shows
> that /dev/random is being used even with this flag.
What you do in certtool is to call

  if (info.quick_random != 0)
    gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);

very early. In fact as the first call to libgcrypt. At that point the
library is not initialized and thus it has not checked whether it is in
FIPS mode; thus the default is used which is the more restrictive FIPS
  /* This may be called before full initialization to degrade the
     quality of the RNG for the sake of a faster running test suite. */
  if (fips_mode ())
    ; /* Not used. */

As you see the flag can't be set in this case. What you need to do is
to set this flag during initialization: That is after a first call to
gcry_check_version. This is how it is done by the libgcrypt regression
Anyway, using this flag is strongly discouraged. It is only useful for
testing. gpg for example refuses to use a key if the random number
generator is in this mode and the User ID of the key is not flagged as
insecure. That is a bit paranoid, but older versions of libgcrypt did
not even use a strong RNG in the quick mode.
If you want to use not so strong keys, you had better use the transient-key
feature available since 1.4.2:
This is only meaningful for RSA keys. This is a flag with no value. If
given the RSA key is created using a faster and a somewhat less secure
random number generator. This flag may be used for keys which are only
used for a short time and do not require full cryptographic strength.
  err = gcry_sexp_build (&key_spec, NULL,
                         ? "(genkey (RSA (nbits %d)))"
                         : "(genkey (RSA (nbits %d)(transient-key)))",

You may use that even with older Libgcrypt versions, however it is
ignored then. The fips mode test is required because this flag is
refused by gcry_pk_genkey in fips mode.
Thoughts are free. Exceptions are regulated by a federal law.