| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | =pod |
| 2 | |
| 3 | =head1 NAME |
| 4 | |
| 5 | openssl-rand, |
| 6 | rand - generate pseudo-random bytes |
| 7 | |
| 8 | =head1 SYNOPSIS |
| 9 | |
| 10 | B<openssl rand> |
| 11 | [B<-help>] |
| 12 | [B<-out> I<file>] |
| 13 | [B<-rand file...>] |
| 14 | [B<-writerand file>] |
| 15 | [B<-base64>] |
| 16 | [B<-hex>] |
| 17 | I<num> |
| 18 | |
| 19 | =head1 DESCRIPTION |
| 20 | |
| 21 | This command generates I<num> random bytes using a cryptographically |
| 22 | secure pseudo random number generator (CSPRNG). |
| 23 | |
| 24 | The random bytes are generated using the L<RAND_bytes(3)> function, |
| 25 | which provides a security level of 256 bits, provided it managed to |
| 26 | seed itself successfully from a trusted operating system entropy source. |
| 27 | Otherwise, the command will fail with a nonzero error code. |
| 28 | For more details, see L<RAND_bytes(3)>, L<RAND(7)>, and L<RAND_DRBG(7)>. |
| 29 | |
| 30 | =head1 OPTIONS |
| 31 | |
| 32 | =over 4 |
| 33 | |
| 34 | =item B<-help> |
| 35 | |
| 36 | Print out a usage message. |
| 37 | |
| 38 | =item B<-out file> |
| 39 | |
| 40 | Write to I<file> instead of standard output. |
| 41 | |
| 42 | =item B<-rand file...> |
| 43 | |
| 44 | A file or files containing random data used to seed the random number |
| 45 | generator. |
| 46 | Multiple files can be specified separated by an OS-dependent character. |
| 47 | The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for |
| 48 | all others. |
| 49 | Explicitly specifying a seed file is in general not necessary, see the |
| 50 | L</NOTES> section for more information. |
| 51 | |
| 52 | =item [B<-writerand file>] |
| 53 | |
| 54 | Writes random data to the specified I<file> upon exit. |
| 55 | This can be used with a subsequent B<-rand> flag. |
| 56 | |
| 57 | =item B<-base64> |
| 58 | |
| 59 | Perform base64 encoding on the output. |
| 60 | |
| 61 | =item B<-hex> |
| 62 | |
| 63 | Show the output as a hex string. |
| 64 | |
| 65 | =back |
| 66 | |
| 67 | =head1 NOTES |
| 68 | |
| 69 | Prior to OpenSSL 1.1.1, it was common for applications to store information |
| 70 | about the state of the random-number generator in a file that was loaded |
| 71 | at startup and rewritten upon exit. On modern operating systems, this is |
| 72 | generally no longer necessary as OpenSSL will seed itself from a trusted |
| 73 | entropy source provided by the operating system. The B<-rand> and |
| 74 | B<-writerand> flags are still supported for special platforms or |
| 75 | circumstances that might require them. |
| 76 | |
| 77 | It is generally an error to use the same seed file more than once and |
| 78 | every use of B<-rand> should be paired with B<-writerand>. |
| 79 | |
| 80 | =head1 SEE ALSO |
| 81 | |
| 82 | L<RAND_bytes(3)>, |
| 83 | L<RAND(7)>, |
| 84 | L<RAND_DRBG(7)> |
| 85 | |
| 86 | =head1 COPYRIGHT |
| 87 | |
| 88 | Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. |
| 89 | |
| 90 | Licensed under the OpenSSL license (the "License"). You may not use |
| 91 | this file except in compliance with the License. You can obtain a copy |
| 92 | in the file LICENSE in the source distribution or at |
| 93 | L<https://www.openssl.org/source/license.html>. |
| 94 | |
| 95 | =cut |