
[DNSSEC] The simplest way to integrate the Alea I with dnssec-keygen

posted Feb 7, 2011, 4:35 PM by Amir Haris Ahmad   [ updated Feb 13, 2011, 6:43 AM ]

The simplest way to integrate the Alea I with dnssec-keygen is to use the "randomfile" program which is provided as C source on the Alea I driver CD, and pipe its output into the standard input of the dnssec-keygen program. For example, this command will generate a 2048-bit RSA zone key for the "my" TLD:


sudo randomfile -b | dnssec-keygen -r /dev/fd/0 -a RSASHA1 -b 2048 my.


Here, the "-b" causes the randomfile program to output the randomness in binary form (which is what dnssec-keygen expects), and the "-r /dev/fd/0" causes dnssec-keygen to read randomness from standard input instead of /dev/random. Note that the randomfile program needs to be run as root unless you set up specific udev rules to give non-root users permission to access the Alea I USB device.
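A shell pipeline returns only the exit status of its last command, so a randomfile failure (for instance, running it without root) is easy to miss. The preflight check below is an added example, not part of the original post or the Alea I driver CD; the helper name check_entropy_source, the 4096-byte sample and the 200-distinct-value threshold are assumptions, and it assumes "randomfile -b" writes at least that many bytes to standard output.

```shell
#!/bin/sh
# Added example (not from the Alea I driver CD). check_entropy_source is a
# hypothetical helper; the distinct-byte threshold of 200 is an assumption
# that suits samples of a few kilobytes. It is a sanity check that catches a
# dead or stuck source, not a statistical randomness test.

# Usage: check_entropy_source SAMPLE_BYTES COMMAND [ARGS...]
# Returns 0 only if COMMAND delivered SAMPLE_BYTES bytes on stdout and the
# sample is not obviously degenerate (empty, short, or a constant value).
check_entropy_source() {
    want=$1
    shift
    sample=$(mktemp) || return 1

    # Keep only the first $want bytes; a failure in COMMAND (for example a
    # permission error on the USB device) shows up as a short sample.
    "$@" 2>/dev/null | head -c "$want" > "$sample"

    got=$(wc -c < "$sample" | tr -d ' ')
    # Number of distinct byte values (0..256) seen in the sample.
    distinct=$(od -An -v -tu1 "$sample" | tr -s ' ' '\n' | sort -u | grep -c . || true)
    rm -f "$sample"

    if [ "$got" -lt "$want" ]; then
        echo "entropy source returned $got of $want bytes" >&2
        return 1
    fi
    if [ "$distinct" -lt 200 ]; then
        echo "entropy sample has only $distinct distinct byte values" >&2
        return 1
    fi
    return 0
}

# Intended use with the command from the post (commented out so the file can
# be sourced on a machine without the device):
# check_entropy_source 4096 sudo randomfile -b &&
#     sudo randomfile -b | dnssec-keygen -r /dev/fd/0 -a RSASHA1 -b 2048 my.
```

The sampled bytes are discarded and never reused for key generation.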


amir@localhost.my