Success report, and a question
dsilvers at simtec.co.uk
Tue Apr 12 10:04:23 BST 2011
On Mon, Apr 11, 2011 at 08:41:29PM -0400, Steve Snyder wrote:
> I'm successfully using an Entropy Key on a x86 CentOS v5.6 system,
> thanks in part to those on this list that responded to my questions.
I am glad that you have succeeded :-)
> One more question for now. To get the EK recognized I had to do a
> manual "ekeydctl add /dev/entropykey" followed by an invocation of
> ekey-rekey. Are these steps needed on each system boot (or run of
> ekeyd), or will the now-working EK be recognized without the aid of
> the utilities?
The rekey is only needed if you wish to change the long-term-key on the device
(e.g. if you fear your server was compromised) -- So long as the device node
remains in /dev/entropykey across reboots, ekeyd will pick it up automatically.
Otherwise you can always add the device in the ekeyd configuration file so that
it will be picked up on boot.
Daniel Silverstone http://www.simtec.co.uk/
More information about the EntropyKey-users