PRNGD(1) 2002-05-17 PRNGD(1)
NAME
prngd - Pseudo Random Number Generator Daemon
SYNOPSIS
prngd [ command_opts ] /path/to/socket [ /path/to/other_socket ]
prngd -k/--killmode /path/to/socket [ /path/to/other_socket ]
DESCRIPTION
PRNGD is the Pseudo Random Number Generator Daemon. It offers an EGD
compatible interface to obtain random data and is intended to be used
as an entropy source to feed other software, especially software based
on OpenSSL.
Like EGD (http://sourceforge.net/projects/egd/) it calls system
programs to collect entropy. Unlike EGD it does not generate a pool
of random bits that can be called from other software.
Rather it feeds the bits gathered into its internal PRNG from which
the "random bits" are obtained when requested. This way, PRNGD is
never drained and can never block (unlike EGD), so it is also suitable
to seed inetd-started programs.
It also features a seed-save file, so that it is immediately usable
after system start.
USAGE
Startup - (reads the seed file)
/usr/local/bin/prngd [other options] /var/run/egd-pool
Clean shutdown - (saves current data to the seed file)
/usr/local/bin/prngd --kill /var/run/egd-pool
The above line should be added to the system startup files so that
prngd starts up before any program that would query the random data
socket, such as OpenSSH.
PRNGD supports both UNIX sockets (as shown in the examples) as well as
TCP sockets (localhost only!). There is no port number registered
(yet), so pick a free port on your system, e.g. 708 when running with
root perms and you want to offer it as a system service, or 4840
without root perms.
Both ports are not assigned to any service as of
http://www.isi.edu/in-notes/iana/assignments/port-numbers
To have PRNGD listen on both the Unix socket and TCP do
prngd [other options] /var/run/egd-pool tcp/localhost:708
tcp/localhost:4840
- 1 - Formatted: April 20, 2024
PRNGD(1) 2002-05-17 PRNGD(1)
You should add these lines to /etc/services: (substitute your chosen
ports)
prngd 708/tcp # prngd/EGD system service
prngd-user 4840/tcp # prngd/EGD user service
PRNGD itself by now only handles numerical port numbers.
OPTIONS
PRNGD has the following options:
-c / --cmdfile file
Read the entropy gathering commands from "file" instead of reading
from the compiled in default location.
-d / --debug
Do not go into daemon (background) mode and print diagnostic
messages to stderr.
-f / --fg
Stay in foreground, do not fork. Do not print diagnostic messages.
This is e.g. usefull when using AIX System Resource Controller, so
that the resource controler could detect a crash of prngd.
-k / --kill
Kill the daemon(s) at the locations given. It is possible to kill
more than one prngd at a time with this command. If several
locations are given at one time, prngd will try to contact them
one after the other, query the process id according to the EGD
protocol and send a SIGTERM to the process. As one daemon may
server more than one socket, one may wish to kill the daemon with
the same argument that was used to start prngd. The kill
operation will however only succeed for the first socket, as the
daemon will be killed in the first attempt. prngd -k ... will
therefore silently ignore the failure at the other location(s).
-m / --mode mode
Set the file access mode of the UNIX socket to be "mode". The mode
is set after creation of the socket. This option can be used to
restrict access to prngd. If more than one UNIX socket is served
by prngd, the same mode setting applies to all UNIX sockets. The
mode must be given in numeric notation, e.g. 777 for read and
write and execute permission for owner/group/other.
-n / --no-seedfile
Do not read from any seedfile and do not create a seedfile or
write to any seedfile.
-p / --pidfile file
Write the pid of the prngd process into the specified file. If
this option is not explicitly used, no pid-file will be written,
as prngd -k can be used to kill a running prngd.
- 2 - Formatted: April 20, 2024
PRNGD(1) 2002-05-17 PRNGD(1)
-s / --seedfile file
Location of the seedfile. The file is read at startup to initially
seed the PRNG. On clean shutdown entropy is retrieved from the
pool and written back to the file. If no location is given, the
compiled in location of the seedfile is used. If the seedfile does
not exist on startup, it is created automatically.
-v / --version
Print the version of prngd and exit.
DIAGNOSTICS
AUTHOR/LICENSE
Author: Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
This software is free. You can do with it whatever you want. I would
however kindly ask you to acknowledge the use of this package, if you
are going use it in your software, which you might be going to
distribute. I would also like to receive a note if you are a satisfied
user :-)
SEE ALSO
PRNGD Home Page:
http://www.aet.tu-
cottbus.de/personen/jaenicke/postfix_tls/prngd.html
Related Sites:
http://sourceforge.net/projects/egd/
http://www.openssh.org/
http://www.openssl.org/
- 3 - Formatted: April 20, 2024
