How to use our cryptochip to generate GPG/RSA keys

woosting · November 18, 2018, 10:48am

As far as I understand our Turris Omnia has an hardware entropy-pool generating chip build-in (advertised as the ‘cryptochip’ on the cz.nic homepage, just above the ‘About us’ section), but I would not know how to use it to this end. So:

» Does anyone have an idea on how to utilize our HW cryptochip to help generating GPG and RSA keys?

What I did to investigate

Tried printing information about the device on the turris cli (to no avail):
```
root@turris:~# cat /dev/hwrng
cat: read error: No such device
```
Read the using the random generator to simply generate a random number topic, which was very informative but i was unable to use it to my ends (I could be missing something there though):

Random number generator

Unless your are doing some crazy cryptography stuff like generating private keys for signatures or something like that you should probably use /dev/urandom.
Read the Fix low available entropy topic topic, but that concluded with the following (not helping me with my specific question either I think):

Fix low available entropy

How then to utilize this dedicted chip for a healthy entropy quantity out of the box?

As this is a very specific context (Turris Omnia / HW randomizer) I am not sure on how to continue. Any pointers on how use our hardware for GPG / RSA key generation?

cynerd · November 19, 2018, 1:29pm

Cryptochip referenced in Turris page is Atsha204. It has user-space implementation and you can use it with atsha204cmd.

You can use it to generate random numbers with atsha204cmd random but it is rather suggested to use system random generator instead. It combines multiple sources (including atsha) to generate random numbers.

woosting · November 19, 2018, 9:18pm

Thanks works like a charm:

example