[Help-gnutls] Alternate random device for certtool

Ian Goldberg linux at paip.net
Fri Dec 5 14:14:41 CET 2008

On Fri, Dec 05, 2008 at 09:13:24AM +0100, Werner Koch wrote:
> It al depends on what you want.  The default for Libgcrypt is to make
> sure that there is really strong random available for key generation and
> to do with a not so strong (read /dev/urandom) for session keys etc.  If
> you don't want that (transient-key) gives you a way to degrade random
> quality for key generation.

It's my understanding that (transient-key) only works for RSA.  Can it
be made to work for DSA as well?  We hit this problem in libotr.


   - Ian

More information about the Gcrypt-devel mailing list