« OpenSSLHowTo »

in French

• http://fr.wikipedia.org/wiki/OpenSSL

• http://howto.landure.fr/gnu-linux/debian-sarge/creation-et-gestion-de-certificats-openssl (older)

• http://howto.landure.fr/gnu-linux/debian-sarge/creation-et-gestion-de-certificats-openssl/gnu-linux/debian-4-0-etch/creer-un-certificat-ssl-multi-domaines (newer)

• http://www.traduc.org/docs/HOWTO/lecture/SSL-Certificates-HOWTO.html

/dev/random explanations

• http://pwet.fr/man/linux/fichiers_speciaux/random

• google translation in english http://translate.google.fr/translate?u=http%3A%2F%2Fpwet.fr%2Fman%2Flinux%2Ffichiers_speciaux%2Frandom&hl=fr&ie=UTF-8&sl=fr&tl=en

• random.c from /linux-2.6.26.5/drivers/char random.c

• /dev/random

  • it is useless to feed more than "poolsize" bit of data in /dev/random at a time.

  • data put into /dev/random goes through a CRC32 pass before being put into the pool

  • monitoring in /proc/sys/kernel/random

    • boot_id : random data fetched at boot time
    • uuid : random data for new disk devices ID (a new UUID for a new partition)
    • entropy_avail : instant size of entropy available (in bits)
    • poolsize : max size of the entropy pool (in bits)

    • read_wakeup_threshold : entropy threshold when processes waiting for entropy are waken up to fetch new random data (/dev/random only)

    • write_wakeup_threshold : entropy threshold under which the pool is feed with data ( cat randomdata > /dev/random )

• entropy pool monitoring:

while sleep 1; do date; cat /proc/sys/kernel/random/entropy_avail ; done

• diehard test

    for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 ; do 
      dieharder -d $i -g 63 ; 
    done

in english

• http://en.wikipedia.org/wiki/OpenSSL

• http://wiki.cacert.org/OpenSSLHowTo

• http://www.imacat.idv.tw/tech/sslcerts.html

• http://tldp.org/HOWTO/SSL-Certificates-HOWTO/

• http://www.ipsec-howto.org/x595.html

• http://www.openssl.org/source/openssl-fips-1.2.tar.gz

• http://www.oss-institute.org/

• http://www.openssl.org/docs/misc/fingerprints.txt