author | drduh <github@duh.to> | 2020-08-30 14:04:00 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-30 14:04:00 -0700 |
commit | d306be5a67921a1263f355fc63231d6b5ab40ff6 (patch) | |
tree | 24c53f04fbf3bcaff4715694f79974bf2255298c | |
parent | Merge pull request #203 from bengim/bengim-patch-PyOpenSSL (diff) | |
parent | Add option to retrieve additional entropy from YubiKey itself (diff) | |
Merge pull request #209 from mirko/master
Add option to retrieve additional entropy from YubiKey itself
-rw-r--r-- | README.md | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -320,6 +320,18 @@ $ cat /proc/sys/kernel/random/entropy_avail Most operating systems use software-based pseudorandom number generators. A hardware random number generator like [OneRNG](https://onerng.info/onerng/) will [increase the speed](https://lwn.net/Articles/648550/) of entropy generation and possibly the quality. +From YubiKey firmware version 5.2.3 onwards - which introduces "Enhancements to OpenPGP 3.4 Support" - we can gather additional entropy from the YubiKey itself via the SmartCard interface. + +## YubiKey + +To feed the system's PRNG with entropy generated by the YubiKey itself, issue: +```console +$ echo "SCD RANDOM 512" | gpg-connect-agent | sudo tee /dev/random | hexdump -C +``` +This will seed the Linux kernel's PRNG with additional 512 bytes retrieved from the YubiKey. + +## OneRNG + Install and configure OneRNG software: ```console @@ -2447,3 +2459,4 @@ Admin PIN: 12345678 * https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/ * https://mlohr.com/gpg-agent-forwarding/ * https://www.ingby.com/?p=293 +* https://support.yubico.com/support/solutions/articles/15000027139-yubikey-5-2-3-enhancements-to-openpgp-3-4-support |
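Review bot: in the added YubiKey section of README.md, the sentence "This will seed the Linux kernel's PRNG with additional 512 bytes retrieved from the YubiKey" overstates what the command does. A plain write through `tee /dev/random` is mixed into the pool but not credited, so the `entropy_avail` value read just above this hunk will not rise, and `gpg-connect-agent` emits the Assuan response (`D` lines with percent-escaped bytes, then `OK`) rather than the raw 512 bytes. Suggest rewording to say the YubiKey output is mixed into the pool without raising the entropy count, and dropping the trailing `hexdump -C` so the bytes being fed in are not also printed to the terminal. The firmware 5.2.3 sentence also sits above the new `## YubiKey` heading and would read better as the first line under it.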
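Review bot: in the second hunk, the Yubico support article is only appended to the link list at the end of README.md, while the sentence in the first hunk that quotes "Enhancements to OpenPGP 3.4 Support" for firmware 5.2.3 has no link. Suggest making that quoted title an inline link to this URL so the version requirement can be checked where it is stated.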