How to use our cryptochip to generate GPG/RSA keys

solved

#1

As far as I understand our Turris Omnia has an hardware entropy-pool generating chip build-in (advertised as the ‘cryptochip’ on the cz.nic homepage, just above the ‘About us’ section), but I would not know how to use it to this end. So:

» Does anyone have an idea on how to utilize our HW cryptochip to help generating GPG and RSA keys? :thinking:

What I did to investigate

  • Tried printing information about the device on the turris cli (to no avail):

    root@turris:~# cat /dev/hwrng
    cat: read error: No such device
    
  • Read the using the random generator to simply generate a random number topic, which was very informative but i was unable to use it to my ends (I could be missing something there though):

  • Read the Fix low available entropy topic topic, but that concluded with the following (not helping me with my specific question either I think):

As this is a very specific context (Turris Omnia / HW randomizer) I am not sure on how to continue. Any pointers on how use our hardware for GPG / RSA key generation?


#2

Cryptochip referenced in Turris page is Atsha204. It has user-space implementation and you can use it with atsha204cmd.

You can use it to generate random numbers with atsha204cmd random but it is rather suggested to use system random generator instead. It combines multiple sources (including atsha) to generate random numbers.


#3

Thanks works like a charm:

example