Using smartcard as RNG

Pete Stephenson pete at
Sat Apr 13 13:04:31 CEST 2013

Hi all,

I did some searching in the archives but wasn't able to see if someone
else asked this question before. If it's been discussed before and I
missed it then I apologize in advance for the weakness of my search-fu
and would appreciate it if someone might point me in the right direction.

That said, I was curious if it is possible for GPG to use the hardware
RNG in an OpenPGP smartcard (either the GnuPG-branded one sold by Kernel
Concepts or ones like the GPF Crypto Stick) as an entropy source for
non-card-based operations.

For example, if I were to generate a long-term OpenPGP key (not
generated on the card) I'd like to ensure that the system has a high
degree of entropy. I currently use a Simtec Entropy Key[1] for creating
entropy for otherwise entropy-starved systems (mostly low-activity VMs)
and this works well[2], but it'd be nice to also add in entropy from the
smartcard hardware RNG as well.

While it might be nice to use the smartcard's HRNG to feed /dev/random,
I'm mostly interested in using it as an entropy source for key
generation or other entropy-dependent functions if the card is inserted
and available.

Is this possible?


[1] [3]
[2] It generates entropy using two hardware generators, does a series of
tests on them, and assuming they pass the tests, feeds them to a daemon
that feeds into a *nix system's entropy pool. One can then access the
entropy through normal methods, such as by accessing /dev/random.
[3] ObDisclaimer: I have no connection or relationship with the company.
I'm merely a customer who owns the device they sell.
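
An added example, not part of the original post: a sketch of the same "test, then feed the pool" pipeline described in footnote [2], applied to an OpenPGP card. It assumes a GnuPG 2.x install whose scdaemon offers the `RANDOM` command through `gpg-connect-agent`, and a Linux `/dev/random`; the function names and the `h_min` value are illustrative assumptions.

```python
import subprocess
from math import ceil

def decode_assuan_data(output: bytes) -> bytes:
    """Join the 'D ' lines of an Assuan reply and undo %XX escaping."""
    raw = bytearray()
    for line in output.split(b"\n"):
        if not line.startswith(b"D "):
            continue  # skip OK / ERR / status lines
        body, i = line[2:], 0
        while i < len(body):
            if body[i:i + 1] == b"%":  # Assuan escapes %, CR and LF
                raw.append(int(body[i + 1:i + 3], 16))
                i += 3
            else:
                raw.append(body[i])
                i += 1
    return bytes(raw)

def passes_repetition_count(data: bytes, h_min: float = 8.0) -> bool:
    """Repetition count test in the style of NIST SP 800-90B (alpha = 2^-20).
    h_min (claimed bits of min-entropy per byte) is an assumption."""
    cutoff = 1 + ceil(20 / h_min)
    run, prev = 0, None
    for b in data:
        run = run + 1 if b == prev else 1
        if run >= cutoff:
            return False  # source looks stuck; discard the block
        prev = b
    return len(data) > 0

def read_card_random(n: int = 32) -> bytes:
    """Ask scdaemon (via gpg-agent) for n bytes from the card's RNG.
    Keep n small: scdaemon's help text warns that heavy use can wear the card."""
    out = subprocess.run(["gpg-connect-agent", f"scd random {n}", "/bye"],
                         capture_output=True, check=True).stdout
    data = decode_assuan_data(out)
    if len(data) != n:  # no card, ERR reply, or truncated output
        raise RuntimeError("card returned no usable random data")
    return data

def mix_into_pool(data: bytes, path: str = "/dev/random") -> None:
    """Writing to /dev/random on Linux mixes data in without crediting entropy."""
    with open(path, "wb") as pool:
        pool.write(data)

if __name__ == "__main__":
    block = read_card_random(32)
    if passes_repetition_count(block):
        mix_into_pool(block)
```

Because the write does not credit entropy, this supplements the pool rather than unblocking a starved `/dev/random`; crediting requires a privileged feeder such as the daemon the footnote describes.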
