openssl-rand - generate pseudo-random bytes

Copyright

       Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.

       Licensed  under  the  Apache License 2.0 (the "License").  You may not use this file except in compliance
       with the License.  You can obtain  a  copy  in  the  file  LICENSE  in  the  source  distribution  or  at
       <https://www.openssl.org/source/license.html>.

3.4.1                                              2025-04-03                                 OPENSSL-RAND(1SSL)

Description

       This command generates num random bytes using a cryptographically secure pseudo random number generator
       (CSPRNG). A suffix [K|M|G|T] may be appended to the num value to indicate the requested value be scaled
       as a multiple of KiB/MiB/GiB/TiB respectively. Note that suffixes are case sensitive, and that the
       suffixes represent binary multiples (K = 1024 bytes, M = 1024*1024 bytes, etc).

       The string 'max' may be substituted for a numerical value in num, to request the maximum number of bytes
       the CSPRNG can produce per instantiation.  Currently, this is restricted to 2^61 bytes as per NIST SP
       800-90C.

       The random bytes are generated using the RAND_bytes(3) function, which provides a security level of 256
       bits, provided it managed to seed itself successfully from a trusted operating system entropy source.
       Otherwise, the command will fail with a nonzero error code.  For more details, see RAND_bytes(3),
       RAND(7), and EVP_RAND(7).

History

       The -engine option was deprecated in OpenSSL 3.0.

Name

       openssl-rand - generate pseudo-random bytes

Options

-help
           Print out a usage message.

       -outfile
           Write to file instead of standard output.

       -base64
           Perform base64 encoding on the output.

       -hex
           Show the output as a hex string.

       -engineid
           See "Engine Options" in openssl(1).  This option is deprecated.

       -randfiles, -writerandfile
           See "Random State Options" in openssl(1) for details.

       -providername-provider-pathpath-propquerypropq
           See "Provider Options" in openssl(1), provider(7), and property(7).

Synopsis

opensslrand [-help] [-outfile] [-base64] [-hex] [-engineid] [-randfiles] [-writerandfile] [-providername] [-provider-pathpath] [-propquerypropq] num[K|M|G|T]