CentOS 5.5 installation instructions

For the purposes of this guide, we are using CentOS 5.5 x86_64 inside a VMware Workstation virtual machine, and software release 1.1.4-1. As such, if you are using CentOS on i386, you will want to make the appropriate substitutions in package file names, and possibly change the version number in them to reflect any future release.

  1. Download the Entropy Key driver packages. These can be found on our website at http://www.entropykey.co.uk/res/download/rpms/centos/5.5/RPMS/. You will need the packages for ekeyd, ekeyd-ulusbd, lua and lua-socket:

    # wget http://www.entropykey.co.uk/res/download/rpms/centos/5.5/RPMS/x86_64/{ekeyd-1.1.4-1.x86_64.rpm,ekeyd-ulusbd-1.1.4-1.x86_64.rpm,lua-5.1.4-2.x86_64.rpm,lua-socket-2.0.2-4.x86_64.rpm}

  2. Install the packages you just downloaded using RPM:

    rpm -i ekeyd-1.1.4-1.x86_64.rpm ekeyd-ulusbd-1.1.4-1.x86_64.rpm lua-5.1.4-2.x86_64.rpm lua-socket-2.0.2-4.x86_64.rpm

  3. Insert your Entropy Key into a spare USB socket, and use lsusb to confirm it has been detected:

    # lsusb
    Bus 001 Device 001: ID 0000:0000  
    Bus 002 Device 002: ID 20df:0001 Simtec Electronics Entropy Key [UDEKEY01]
    Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 002 Device 001: ID 0000:0000

  4. Run ekeydctl list to confirm the device has been detected by the driver:

    # ekeydctl list
    NR,OK,Status,Path,SerialNo
    1,NO,Long-Term-Key is bad,/var/run/entropykeys/M.9sBjBLNzFYRSFD,M/9sBjBLNzFYRSFD

    The M/9sBjBLNzFYRSFD here is the device's USB serial number, used to unique identify the processor inside the Entropy Key. Yours will be different. Make a note of the serial number for the next step.

  5. Set a long term key for this Entropy Key. Your device will have come with a master key card in a sealed envelope. It contains the master key for the matching Entropy Key. This key is set at the factory, and cannot be changed. It is used to set a long term key which is used for encrypting and authenticating data received from and sent to the Entropy Key. Use the ekey-rekey tool to create a new random long term key, and program it into the Entropy Key:

    # ekey-rekey M/9sBjBLNzFYRSFD Hs9F s87A 0Ofj 92jA fj2N xPwI 82Jf fjaA vGw9 kJJs 182/

    The first parameter is the device's USB serial number that we noted in the previous step. The additional parameters are the master key printed on the key card from the envelope. You can enter them with or without the spaces, or use a barcode scanner to input the key. Your master key will be different from the one in the above example. You should note that the card in the envelope is the only copy of this key and you should keep it in a safe place: the key is not stored on your computer afterwards, so you will need the card again should you ever want to change the long term key.

  6. Run ekeydctl list again to check the device is running:

    # ekeydctl list
    NR,OK,Status,Path,SerialNo
    3,YES,Running OK,/var/run/entropykeys/M.9sBjBLNzFYRSFD,M/9sBjBLNzFYRSFD

  7. Check that the kernel's entropy pool is now full, or nearly full:

    # cat /proc/sys/kernel/random/entropy_avail 
    4096


Simtec Electronics, 130 Hesketh Lane, Tarleton, Lancashire, PR4 6AS, United Kingdom.
Tel: UK (01772) 977177 / International +44 1772 977117 ekey@simtec.co.uk