[Help-gnutls] Alternate random device for certtool
Ian Goldberg
linux at paip.net
Fri Dec 5 14:14:41 CET 2008
On Fri, Dec 05, 2008 at 09:13:24AM +0100, Werner Koch wrote:
> It al depends on what you want. The default for Libgcrypt is to make
> sure that there is really strong random available for key generation and
> to do with a not so strong (read /dev/urandom) for session keys etc. If
> you don't want that (transient-key) gives you a way to degrade random
> quality for key generation.
It's my understanding that (transient-key) only works for RSA. Can it
be made to work for DSA as well? We hit this problem in libotr.
Thanks,
- Ian
More information about the Gcrypt-devel
mailing list