openssl-rand.1ossl - Man Page

generate pseudo-random bytes

Synopsis

openssl rand [-help] [-out file] [-base64] [-hex] [-engine id] [-rand files] [-writerand file] [-provider name] [-provider-path path] [-provparam [name:]key=value] [-propquery propq] num[K|M|G|T]

This command generates num random bytes using a cryptographically secure pseudo random number generator (CSPRNG). A suffix [K|M|G|T] may be appended to the num value to indicate the requested value be scaled as a multiple of KiB/MiB/GiB/TiB respectively. Note that suffixes are case sensitive, and that the suffixes represent binary multiples (K = 1024 bytes, M = 1024*1024 bytes, etc).

The string 'max' may be substituted for a numerical value in num, to request the maximum number of bytes the CSPRNG can produce per instantiation. Currently, this is restricted to 2^61 bytes as per NIST SP 800-90C.

The random bytes are generated using the RAND_bytes(3) function, which provides a security level of 256 bits, provided it managed to seed itself successfully from a trusted operating system entropy source. Otherwise, the command will fail with a nonzero error code. For more details, see RAND_bytes(3), RAND(7), and EVP_RAND(7).

Options

-help: Print out a usage message.
-out file: Write to file instead of standard output.
-base64: Perform base64 encoding on the output.
-hex: Show the output as a hex string.
-engine id: See "Engine Options" in openssl(1). This option is deprecated.
-rand files, -writerand file: See "Random State Options" in openssl(1) for details.
-provider name
-provider-path path
-provparam [name:]key=value
-propquery propq: See "Provider Options" in openssl(1), provider(7), and property(7).

openssl-rand.1ossl - Man Page

Synopsis

Description

Options

See Also

History

Copyright

Referenced By