1=pod 2 3=head1 NAME 4 5openssl-rand, 6rand - generate pseudo-random bytes 7 8=head1 SYNOPSIS 9 10B<openssl rand> 11[B<-help>] 12[B<-out> I<file>] 13[B<-rand file...>] 14[B<-writerand file>] 15[B<-base64>] 16[B<-hex>] 17I<num> 18 19=head1 DESCRIPTION 20 21This command generates I<num> random bytes using a cryptographically 22secure pseudo random number generator (CSPRNG). 23 24The random bytes are generated using the L<RAND_bytes(3)> function, 25which provides a security level of 256 bits, provided it managed to 26seed itself successfully from a trusted operating system entropy source. 27Otherwise, the command will fail with a nonzero error code. 28For more details, see L<RAND_bytes(3)>, L<RAND(7)>, and L<RAND_DRBG(7)>. 29 30=head1 OPTIONS 31 32=over 4 33 34=item B<-help> 35 36Print out a usage message. 37 38=item B<-out file> 39 40Write to I<file> instead of standard output. 41 42=item B<-rand file...> 43 44A file or files containing random data used to seed the random number 45generator. 46Multiple files can be specified separated by an OS-dependent character. 47The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 48all others. 49Explicitly specifying a seed file is in general not necessary, see the 50L</NOTES> section for more information. 51 52=item [B<-writerand file>] 53 54Writes random data to the specified I<file> upon exit. 55This can be used with a subsequent B<-rand> flag. 56 57=item B<-base64> 58 59Perform base64 encoding on the output. 60 61=item B<-hex> 62 63Show the output as a hex string. 64 65=back 66 67=head1 NOTES 68 69Prior to OpenSSL 1.1.1, it was common for applications to store information 70about the state of the random-number generator in a file that was loaded 71at startup and rewritten upon exit. On modern operating systems, this is 72generally no longer necessary as OpenSSL will seed itself from a trusted 73entropy source provided by the operating system. The B<-rand> and 74B<-writerand> flags are still supported for special platforms or 75circumstances that might require them. 76 77It is generally an error to use the same seed file more than once and 78every use of B<-rand> should be paired with B<-writerand>. 79 80=head1 SEE ALSO 81 82L<RAND_bytes(3)>, 83L<RAND(7)>, 84L<RAND_DRBG(7)> 85 86=head1 COPYRIGHT 87 88Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. 89 90Licensed under the OpenSSL license (the "License"). You may not use 91this file except in compliance with the License. You can obtain a copy 92in the file LICENSE in the source distribution or at 93L<https://www.openssl.org/source/license.html>. 94 95=cut 96