9

When I tried to run the following command to issue a new private key, which I use to host my web app via SSL:

openssl genrsa -out example.key 2048

the following error occurred:

unable to write 'random state'  
e is 65537 (0x10001)

After digging out on the Web, I found a solution, which instructs you to delete the ~/.rnd file, which is likely owned by root.

sudo rm ~/.rnd

However, I found you don't need to delete the ~/.rnd if you issue the openssl command with sudo.

So my question is:

  • What is the ~/.rnd and why does it exist in my environment?

  • Which is a better way to issue a new private key?

StackzOfZtuff
Blaszard
    `~/.rnd` should be owned by the user of the home directory. It should only be owned by root if it's root's `/root/.rnd`. The wrong ownership would explain the "unable to write error". – jscott Feb 01 '17 at 14:57
  • @jscott Yeah I know. My question is why it has been created as `root` (and what it does), which seems to be true as well of people in the linked question. – Blaszard Feb 01 '17 at 15:01
  • 2
    It seems the obvious guess would be "root created the file or `chown`d it for some reason." -- that part would be for you to solve. None of the user profiles I checked here have it owned by root. The file is somewhat detailed in [`man 1 sslrand`](https://linux.die.net/man/1/sslrand). – jscott Feb 01 '17 at 15:12

1 Answer

12

The ~/.rnd file is owned by root if you've ever run a command that modifies ~/.rnd as root via sudo in its non-login mode (i.e. without -i). As for what the ~/.rnd file is, it contains a seed value for the OpenSSL random number generator. The least-worst docs I can find on it are the RAND_read_file(3) man page.

womble
    fwiw, the latest ("master") version of the manpage is available at https://www.openssl.org/docs/manmaster/man3/RAND_load_file.html – myrdd Mar 20 '19 at 09:03
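The answer above explains the root cause (a ~/.rnd seed file left behind with root ownership after a non-login sudo). The following script is an added example, not code from the question or the answer, that checks the ownership of the seed file and reports the repair rather than deleting the file; it assumes a POSIX sh with `stat` (GNU or BSD flags) and `id`, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original Q&A): detect the ownership problem
# behind openssl's "unable to write 'random state'" and repair it without
# throwing away the ~/.rnd seed file. Assumes POSIX sh, stat and id.

# Numeric uid that owns FILE; tries GNU stat first, then BSD stat.
file_uid() {
    stat -c %u "$1" 2>/dev/null || stat -f %u "$1" 2>/dev/null
}

# Exit status: 0 = FILE exists and is NOT owned by UID (the bad state from
# the question), 1 = FILE is owned by UID, 2 = FILE does not exist.
rnd_owner_mismatch() {
    file="$1"; uid="$2"
    [ -e "$file" ] || return 2
    [ "$(file_uid "$file")" = "$uid" ] && return 1
    return 0
}

# Report the state of $HOME/.rnd for the current user and the fix to apply.
# HOME and the uid can be overridden for testing (hypothetical arguments).
check_rnd() {
    home="${1:-$HOME}"; uid="${2:-$(id -u)}"
    rnd="$home/.rnd"
    st=0; rnd_owner_mismatch "$rnd" "$uid" || st=$?
    case $st in
        2) echo "no $rnd yet; openssl will create it, owned by uid $uid, on first use" ;;
        1) echo "$rnd is owned by uid $uid: OK" ;;
        0) echo "$rnd is owned by uid $(file_uid "$rnd"), not uid $uid:"
           echo "  this is what makes openssl report: unable to write 'random state'"
           echo "  fix: sudo chown $uid $rnd"
           echo "  avoid: plain 'sudo openssl ...' keeps HOME=$home, so root rewrites"
           echo "         this file; 'sudo -i' switches HOME to root's own directory" ;;
    esac
    return $st
}

check_rnd "$@"
```

The `chown` route keeps the existing seed material and leaves the user in a state where `openssl genrsa` works again without privileges; `sudo rm ~/.rnd` also works, because OpenSSL recreates the file, but it discards the seed and, if the habit of running `sudo openssl` without `-i` persists, the root-owned file simply comes back.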