PRNGD(1)                          2002-05-17                          PRNGD(1)

NAME
       prngd - Pseudo Random Number Generator Daemon

SYNOPSIS
       prngd [ command_opts ] /path/to/socket [ /path/to/other_socket ]
       prngd -k/--killmode /path/to/socket [ /path/to/other_socket ]

DESCRIPTION
       PRNGD is the Pseudo Random Number Generator Daemon. It offers an
       EGD-compatible interface for obtaining random data and is intended to
       be used as an entropy source to feed other software, especially
       software based on OpenSSL.

       Like EGD (http://sourceforge.net/projects/egd/) it calls system
       programs to collect entropy. Unlike EGD it does not generate a pool of
       random bits that can be called from other software. Rather, it feeds
       the bits gathered into its internal PRNG, from which the "random bits"
       are obtained when requested. This way, PRNGD is never drained and can
       never block (unlike EGD), so it is also suitable for seeding
       inetd-started programs. It also features a seed-save file, so that it
       is immediately usable after system start.

USAGE
       Startup (reads the seed file):

              /usr/local/bin/prngd [other options] /var/run/egd-pool

       Clean shutdown (saves current data to the seed file):

              /usr/local/bin/prngd --kill /var/run/egd-pool

       The startup command above should be added to the system startup files
       so that prngd starts before any program that queries the random-data
       socket, such as OpenSSH.

       PRNGD supports both UNIX sockets (as shown in the examples) and TCP
       sockets (localhost only!). There is no port number registered (yet),
       so pick a free port on your system, e.g. 708 when running with root
       permissions and you want to offer it as a system service, or 4840
       without root permissions. Neither port is assigned to any service as
       of http://www.isi.edu/in-notes/iana/assignments/port-numbers

       To have PRNGD listen on both the UNIX socket and TCP, run:

              prngd [other options] /var/run/egd-pool tcp/localhost:708 tcp/localhost:4840

       You should add these lines to /etc/services (substitute your chosen
       ports):

              prngd       708/tcp     # prngd/EGD system service
              prngd-user  4840/tcp    # prngd/EGD user service

       PRNGD itself currently handles only numeric port numbers.

OPTIONS
       PRNGD has the following options:

       -c / --cmdfile file
              Read the entropy-gathering commands from "file" instead of from
              the compiled-in default location.

       -d / --debug
              Do not go into daemon (background) mode and print diagnostic
              messages to stderr.

       -f / --fg
              Stay in the foreground, do not fork. Do not print diagnostic
              messages. This is useful, e.g., when using the AIX System
              Resource Controller, so that the resource controller can detect
              a crash of prngd.

       -k / --kill
              Kill the daemon(s) at the locations given. It is possible to
              kill more than one prngd at a time with this command. If
              several locations are given at one time, prngd will try to
              contact them one after the other, query the process id
              according to the EGD protocol and send a SIGTERM to the
              process. As one daemon may serve more than one socket, one may
              wish to kill the daemon with the same arguments that were used
              to start prngd. The kill operation will, however, only succeed
              for the first socket, as the daemon is killed in the first
              attempt. prngd -k ... will therefore silently ignore the
              failure at the other location(s).

       -m / --mode mode
              Set the file access mode of the UNIX socket to "mode". The mode
              is set after creation of the socket. This option can be used to
              restrict access to prngd. If more than one UNIX socket is
              served by prngd, the same mode setting applies to all UNIX
              sockets. The mode must be given in numeric notation, e.g. 777
              for read, write and execute permission for owner/group/other.

       -n / --no-seedfile
              Do not read from any seedfile and do not create a seedfile or
              write to any seedfile.

       -p / --pidfile file
              Write the pid of the prngd process into the specified file. If
              this option is not explicitly used, no pid-file is written, as
              prngd -k can be used to kill a running prngd.

       -s / --seedfile file
              Location of the seedfile. The file is read at startup to
              initially seed the PRNG. On clean shutdown, entropy is
              retrieved from the pool and written back to the file. If no
              location is given, the compiled-in location of the seedfile is
              used. If the seedfile does not exist on startup, it is created
              automatically.

       -v / --version
              Print the version of prngd and exit.

DIAGNOSTICS

AUTHOR/LICENSE
       Author: Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>

       This software is free. You can do with it whatever you want. I would
       however kindly ask you to acknowledge the use of this package if you
       are going to use it in your software, which you might be going to
       distribute. I would also like to receive a note if you are a satisfied
       user :-)

SEE ALSO
       PRNGD Home Page:
              http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html

       Related Sites:
              http://sourceforge.net/projects/egd/
              http://www.openssh.org/
              http://www.openssl.org/

Formatted: December 7, 2024
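The two EGD-protocol exchanges this page relies on, a blocking read of random bytes from the socket and the process-id query that prngd -k uses before sending SIGTERM, as an added example that is not part of the man page or of the prngd sources. The command bytes (0x02 for a blocking read, 0x04 for the pid query) come from the EGD interface, which the page names but does not spell out; the in-process fake_egd_daemon is a constructed stand-in for prngd so that the client runs offline on a temporary UNIX socket.

```python
import os, socket, tempfile, threading

# EGD command bytes (from the EGD/PRNGD interface; the page names the protocol but not the bytes)
EGD_READ_BLOCKING = 0x02   # request: 0x02 <n>   reply: exactly n bytes
EGD_GET_PID = 0x04         # request: 0x04       reply: <len> <pid as ASCII digits>

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:  # short read: the daemon went away
            raise ConnectionError("EGD daemon closed the socket early")
        buf += chunk
    return buf

def egd_read_blocking(path, n):
    """Ask the daemon on UNIX socket `path` for n random bytes (blocking read)."""
    if not 1 <= n <= 255:
        raise ValueError("an EGD request carries a one-byte count (1..255)")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(bytes([EGD_READ_BLOCKING, n]))
        return _recv_exact(s, n)

def egd_get_pid(path):
    """The query `prngd -k` relies on: report the daemon's process id."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(bytes([EGD_GET_PID]))
        length = _recv_exact(s, 1)[0]
        return int(_recv_exact(s, length).decode("ascii"))

def fake_egd_daemon(path, pid):
    """Constructed stand-in for prngd so the client runs offline; one request per connection."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path); srv.listen()
    def serve():
        while True:
            with srv.accept()[0] as conn:
                cmd = conn.recv(1)
                if cmd == bytes([EGD_READ_BLOCKING]):
                    conn.sendall(os.urandom(conn.recv(1)[0]))
                elif cmd == bytes([EGD_GET_PID]):
                    digits = str(pid).encode("ascii")
                    conn.sendall(bytes([len(digits)]) + digits)
    threading.Thread(target=serve, daemon=True).start()

def demo(pid=4242):
    path = os.path.join(tempfile.mkdtemp(), "egd-pool")  # temporary stand-in for /var/run/egd-pool
    fake_egd_daemon(path, pid)
    return egd_get_pid(path), egd_read_blocking(path, 32), egd_read_blocking(path, 32)
```

Against a real prngd, point egd_get_pid and egd_read_blocking at the socket path given on the prngd command line; the socket's mode (-m) decides which local users may issue these requests.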