Product Documentation

Certain applications may have a need for true random numbers generated from a certified hardware-based random number generator (RNG). Since SAKA includes a hardware RNG, it provides a web service for requesting and receiving true random numbers from its underlying RNG. The method requires four parameters:

DID

The unique encryption domain identifier.

username

The encryption domain username with the authorization to call this web service.

password

The password of the username to authenticate the credential of the requester.

bytes

Number of bytes of entropy requested. The bytes are returned as Base64 encoded text.

When SAKA receives the request, it verifies the credentials presented against its internal database or an optional LDAP directory server and then determines their authorization to request the entropy service by determining if they are a member of an EncryptionAuthorized group. Note that if using LDAP, this group and its members must be created in the LDAP directory as a distinct task of the SAKA installation process; when using the SAKA internal database, this group is created automatically.

If the requester is authorized, SAKA gathers the requested number of bytes of entropy from its cryptographic hardware module, Base64-encodes them and returns the encoded bytes to the calling application. While most applications are likely to Base64-decode the encoded bytes, perhaps to seed a Pseudo-Random Number Generator (PRNG) in their application or system, some may choose to use the Base64-encoded text as-is, perhaps as truly random passwords or web session identifiers.
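An added client-side example, not SAKA's own code, for handling the four request parameters and the Base64 reply described above. The page gives neither the endpoint nor the wire format, so the network call is omitted, the parameter names are this example's own, and the reply is a constructed sample.

```python
import base64
import math
import random

# Constructed sample: what a reply for a 32-byte request would look like.
SAMPLE_RAW = bytes(range(32))
SAMPLE_RESPONSE = base64.b64encode(SAMPLE_RAW).decode("ascii")


def build_entropy_request(did, username, password, nbytes):
    """Assemble the four parameters the entropy web service takes.
    Key names are assumed for this example; the page only describes their meaning."""
    if not isinstance(nbytes, int) or nbytes <= 0:
        raise ValueError("bytes must be a positive integer")
    return {"DID": did, "username": username, "password": password, "bytes": nbytes}


def redact_request(request):
    """Copy of the request that is safe to write to an application log."""
    return {k: ("<redacted>" if k == "password" else v) for k, v in request.items()}


def decode_entropy_response(encoded_text, expected_bytes):
    """Base64-decode the returned text and insist on exactly the byte count requested.
    validate=True rejects stray characters; the length check catches a truncated or
    padded reply before anything downstream is seeded with it."""
    raw = base64.b64decode(encoded_text, validate=True)
    if len(raw) != expected_bytes:
        raise ValueError(f"expected {expected_bytes} bytes, got {len(raw)}")
    return raw


def seed_prng(raw):
    """First use named on the page: seed an application PRNG with the decoded bytes."""
    return random.Random(int.from_bytes(raw, "big"))


def as_is_entropy(nbytes):
    """Second use named on the page: the Base64 text used directly as a password or
    session identifier. Returns (characters produced, bits of entropy carried).
    Entropy is 8 bits per raw byte, not 6 bits per character, and '=' padding adds none."""
    chars = 4 * math.ceil(nbytes / 3)
    return chars, 8 * nbytes
```

Size the `bytes` parameter from the bits you need, not from the length of the text you want: a 44-character identifier from 32 bytes carries 256 bits, while a 44-character string built from fewer bytes plus padding carries less.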