Certain applications may have a need for true random numbers generated from a certified hardware-based random number generator (RNG). Since SAKA includes a hardware RNG, it provides a web service for requesting and receiving true random numbers from its underlying RNG. The method requires four parameters:

When SAKA receives the request, it verifies the credentials presented against its internal database or an optional LDAP directory server and then determines their authorization to request the entropy service by determining if they are a member of an EncryptionAuthorized group. Note that if using LDAP, this group and its members must be created in the LDAP directory as a distinct task of the SAKA installation process; when using the SAKA internal database, this group is created automatically.

If the requester is authorized, SAKA gathers the requested number of bytes of entropy from its cryptographic hardware module, Base64-encodes them and returns the encoded bytes to the calling application. While most applications are likely to Base64-decode the encoded bytesperhaps to seed a Pseudo-Random Number Generator (PRNG) in their application/system—some may choose to use the Base64-encoded text as-is—perhaps as truly random passwords or web session identifiers, etc.