openssl/doc/man1/openssl-rand.pod.in

=pod
{- OpenSSL::safe::output_do_not_edit_headers(); -}

=head1 NAME

openssl-rand - generate pseudo-random bytes

=head1 SYNOPSIS

B<openssl rand>
[B<-help>]
[B<-out> I<file>]
[B<-base64>]
[B<-hex>]
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_provider_synopsis -}
I<num>[K|M|G|T]

=head1 DESCRIPTION

This command generates I<num> random bytes using a cryptographically
secure pseudo random number generator (CSPRNG). A suffix [K|M|G|T] may be
appended to the num value to indicate the requested value be scaled as a
multiple of KiB/MiB/GiB/TiB respectively. Note that suffixes are case
sensitive, and that the suffixes represent binary multiples
(K = 1024 bytes, M = 1024*1024 bytes, etc).

The string 'max' may be substituted for a numercial value in num, to request the
maximum number of bytes the CSPRNG can produce per instantiation.  Currently,
this is restricted to 2^61 bytes as per NIST SP 800-90C.

The random bytes are generated using the L<RAND_bytes(3)> function,
which provides a security level of 256 bits, provided it managed to
seed itself successfully from a trusted operating system entropy source.
Otherwise, the command will fail with a nonzero error code.
For more details, see L<RAND_bytes(3)>, L<RAND(7)>, and L<EVP_RAND(7)>.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-out> I<file>

Write to I<file> instead of standard output.

=item B<-base64>

Perform base64 encoding on the output.

=item B<-hex>

Show the output as a hex string.

{- $OpenSSL::safe::opt_engine_item -}

{- $OpenSSL::safe::opt_r_item -}

{- $OpenSSL::safe::opt_provider_item -}

=back

=head1 SEE ALSO

L<openssl(1)>,
L<RAND_bytes(3)>,
L<RAND(7)>,
L<EVP_RAND(7)>

=head1 HISTORY

The B<-engine> option was deprecated in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Document the 'rand' application. 2000-03-01 15:57:25 +08:00			`=pod`
Use a function to generate do-not-edit comment Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10316) 2019-10-31 11:35:08 +08:00			`{- OpenSSL::safe::output_do_not_edit_headers(); -}`
Infrastructure for templated doc in POD files Use new doc-build capabilities Add -i flag to dofile. Add doc/man1 to SUBDIRS for the new templated doc files Rewrite commit a397aca (merged from PR 10118) to use the doc-template stuff. Put template references in common place Template options and text come at the end of command-specific options: opt_x, opt_trust, opt_r (in that order). Refactor xchain options. Do doc-nits after building generated sources. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10159) 2019-10-13 05:45:56 +08:00
Document the 'rand' application. 2000-03-01 15:57:25 +08:00			`=head1 NAME`

Deprecate unprefixed manual entries for openssl commands Initially, the manual page entry for the 'openssl cmd' command used to be available at 'cmd(1)'. Later, the aliases 'openssl-cmd(1)' was introduced, which made it easier to group the openssl commands using the 'apropos(1)' command or the shell's tab completion. In order to reduce cluttering of the global manual page namespace, the manual page entries without the 'openssl-' prefix have been deprecated in OpenSSL 3.0 and will be removed in OpenSSL 4.0. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9666) 2019-08-22 07:04:41 +08:00			`openssl-rand - generate pseudo-random bytes`
Document the 'rand' application. 2000-03-01 15:57:25 +08:00
			`=head1 SYNOPSIS`

			`B<openssl rand>`
GH628: Add -help to all apps docs. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> 2016-02-06 00:58:45 +08:00			`[B<-help>]`
Document the 'rand' application. 2000-03-01 15:57:25 +08:00			`[B<-out> I<file>]`
			`[B<-base64>]`
-hex option for openssl rand PR: 1831 Submitted by: Damien Miller 2009-02-02 08:01:28 +08:00			`[B<-hex>]`
openssl-*.pod.in: Prevent newlines on empty engine_synopsis causing layout errors Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12932) 2020-09-21 17:56:01 +08:00			`{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -}`
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167) 2020-02-25 12:29:30 +08:00			`{- $OpenSSL::safe::opt_provider_synopsis -}`
Augment rand argument parsing to allow scaling Instead of just accepting a number of bytes, allows openssl rand to accept a k\|m\|g suffix to scale to kbytes/mbytes/gbytes Fixes #22622 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22624) 2023-11-06 06:51:38 +08:00			`I<num>[K\|M\|G\|T]`
Document the 'rand' application. 2000-03-01 15:57:25 +08:00
			`=head1 DESCRIPTION`

doc: document that 'openssl rand' is cryptographically secure Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11213) 2020-03-02 07:25:29 +08:00			`This command generates I<num> random bytes using a cryptographically`
Augment rand argument parsing to allow scaling Instead of just accepting a number of bytes, allows openssl rand to accept a k\|m\|g suffix to scale to kbytes/mbytes/gbytes Fixes #22622 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22624) 2023-11-06 06:51:38 +08:00			`secure pseudo random number generator (CSPRNG). A suffix [K\|M\|G\|T] may be`
			`appended to the num value to indicate the requested value be scaled as a`
			`multiple of KiB/MiB/GiB/TiB respectively. Note that suffixes are case`
			`sensitive, and that the suffixes represent binary multiples`
			`(K = 1024 bytes, M = 1024*1024 bytes, etc).`

			`The string 'max' may be substituted for a numercial value in num, to request the`
			`maximum number of bytes the CSPRNG can produce per instantiation. Currently,`
			`this is restricted to 2^61 bytes as per NIST SP 800-90C.`
doc: document that 'openssl rand' is cryptographically secure Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11213) 2020-03-02 07:25:29 +08:00
			`The random bytes are generated using the L<RAND_bytes(3)> function,`
			`which provides a security level of 256 bits, provided it managed to`
			`seed itself successfully from a trusted operating system entropy source.`
Correct two small documentation issues The find-doc-nits complains about non-zero word and about missing line before =head1 which causes build failure. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11231) 2020-03-03 22:34:53 +08:00			`Otherwise, the command will fail with a nonzero error code.`
rand_drbg: remove RAND_DRBG. The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()). Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely. Other related changes: Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG. Move the RAND_DRBG(7) documentation to EVP_RAND(7). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12509) 2020-07-22 10:55:31 +08:00			`For more details, see L<RAND_bytes(3)>, L<RAND(7)>, and L<EVP_RAND(7)>.`
Document the 'rand' application. 2000-03-01 15:57:25 +08:00
			`=head1 OPTIONS`

			`=over 4`

GH628: Add -help to all apps docs. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> 2016-02-06 00:58:45 +08:00			`=item B<-help>`

			`Print out a usage message.`

Consistent formatting of flags with args For documentation of all commands with "-flag arg" format them consistently: "B<-flag> I<arg>", except when arg is literal (for example "B<-inform> B<PEM>\|B<DER>") Update find-doc-nits to complain if badly formatted strings are found. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10022) 2019-09-26 03:20:11 +08:00			`=item B<-out> I<file>`
Document the 'rand' application. 2000-03-01 15:57:25 +08:00
			`Write to I<file> instead of standard output.`

			`=item B<-base64>`

			`Perform base64 encoding on the output.`

-hex option for openssl rand PR: 1831 Submitted by: Damien Miller 2009-02-02 08:01:28 +08:00			`=item B<-hex>`

			`Show the output as a hex string.`

Document most missing options Add cmd-nits make target. Listing options should stop when it hits the "parameters" separator. Add missing .pod.in files to doc/man1/build.info Tweak find-doc-nits to try openssl-XXX before XXX for POD files and change an error messavge to be more useful. Fix the following pages: ca, cms, crl, dgst, enc, engine, errstr, gendsa, genrsa, list, ocsp, passwd, pkcs7, pkcs12, rand, rehash, req, rsautil, s_server, speed, s_time, sess_id, smime, srp, ts, x509. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10873) 2020-01-17 02:40:52 +08:00			`{- $OpenSSL::safe::opt_engine_item -}`

Infrastructure for templated doc in POD files Use new doc-build capabilities Add -i flag to dofile. Add doc/man1 to SUBDIRS for the new templated doc files Rewrite commit a397aca (merged from PR 10118) to use the doc-template stuff. Put template references in common place Template options and text come at the end of command-specific options: opt_x, opt_trust, opt_r (in that order). Refactor xchain options. Do doc-nits after building generated sources. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10159) 2019-10-13 05:45:56 +08:00			`{- $OpenSSL::safe::opt_r_item -}`

cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167) 2020-02-25 12:29:30 +08:00			`{- $OpenSSL::safe::opt_provider_item -}`

Document the 'rand' application. 2000-03-01 15:57:25 +08:00			`=back`

'rand'/'-rand' documentation. 2000-03-01 19:45:53 +08:00			`=head1 SEE ALSO`

Deprecate unprefixed manual entries for openssl commands Initially, the manual page entry for the 'openssl cmd' command used to be available at 'cmd(1)'. Later, the aliases 'openssl-cmd(1)' was introduced, which made it easier to group the openssl commands using the 'apropos(1)' command or the shell's tab completion. In order to reduce cluttering of the global manual page namespace, the manual page entries without the 'openssl-' prefix have been deprecated in OpenSSL 3.0 and will be removed in OpenSSL 4.0. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9666) 2019-08-22 07:04:41 +08:00			`L<openssl(1)>,`
doc: document that 'openssl rand' is cryptographically secure Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11213) 2020-03-02 07:25:29 +08:00			`L<RAND_bytes(3)>,`
			`L<RAND(7)>,`
rand_drbg: remove RAND_DRBG. The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()). Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely. Other related changes: Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG. Move the RAND_DRBG(7) documentation to EVP_RAND(7). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12509) 2020-07-22 10:55:31 +08:00			`L<EVP_RAND(7)>`
'rand'/'-rand' documentation. 2000-03-01 19:45:53 +08:00
apps: document the deprecation of the -engine option Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12226) 2020-06-25 09:27:51 +08:00			`=head1 HISTORY`

			`The B<-engine> option was deprecated in OpenSSL 3.0.`

Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00			`=head1 COPYRIGHT`

Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15381) 2021-05-20 21:22:33 +08:00			`Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.`
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00
Following the license change, modify the boilerplates in doc/man1/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7828) 2018-12-06 21:04:11 +08:00			`Licensed under the Apache License 2.0 (the "License"). You may not use`
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`