yhsm-linux-add-entropy man page
yhsm-linux-add-entropy ‐ Seed the Linux entropy pool with data from YubiHSM TRNG
The YubiHSM uses "Avalanche Noise" TRNG together with USB SOF jitter sampling to feed a DRBG_CTR algorithm (NIST publication SP800-90). The result has been verified as being random data of good quality by at least one third party cryptographer. Use this program to add random data from the YubiHSM to the entropy pool of your Linux operating system. This is useful whenever lots of random data is needed, such as when generating chryptographic keys (GPG-keys), on a server terminating SSL sessions etc.
You may run this script from cron, or in a while-loop. Make sure it does not run at the same time as something else accessing the YubiHSM though, or the two tasks may interrupt each other ‐ probably making both fail.
- -D, --device
device file name (default: /dev/ttyACM0).
- -v, --verbose
enable verbose operation.
- -c, --count
number of iterations to run (default: 100).
- -r, --ratio
bits per byte read to use. 8 is probably fine, but as a conservative default 2 is used.
enable debug printout, including all data sent to/from YubiHSM.
Entropy added successfully
Report python-pyhsm/yhsm-linux-add-entropy bugs in the issue tracker
The home page
YubiHSMs can be obtained from Yubico.