openssl-rand(1ssl) - Man pages

dwww Home | Manual pages | Find package
OPENSSL-RAND(1SSL)                  OpenSSL                  OPENSSL-RAND(1SSL)

NAME
       openssl-rand - generate pseudo-random bytes

SYNOPSIS
       openssl rand [-help] [-out file] [-base64] [-hex] [-engine id] [-rand
       files] [-writerand file] [-provider name] [-provider-path path]
       [-provparam [name:]key=value] [-propquery propq] num[K|M|G|T]

DESCRIPTION
       This command generates num random bytes using a cryptographically secure
       pseudo random number generator (CSPRNG). A suffix [K|M|G|T] may be
       appended to the num value to indicate the requested value be scaled as a
       multiple of KiB/MiB/GiB/TiB respectively. Note that suffixes are case
       sensitive, and that the suffixes represent binary multiples (K = 1024
       bytes, M = 1024*1024 bytes, etc).

       The string 'max' may be substituted for a numerical value in num, to
       request the maximum number of bytes the CSPRNG can produce per
       instantiation.  Currently, this is restricted to 2^61 bytes as per NIST
       SP 800-90C.

       The random bytes are generated using the RAND_bytes(3) function, which
       provides a security level of 256 bits, provided it managed to seed
       itself successfully from a trusted operating system entropy source.
       Otherwise, the command will fail with a nonzero error code.  For more
       details, see RAND_bytes(3), RAND(7), and EVP_RAND(7).

OPTIONS
       -help
           Print out a usage message.

       -out file
           Write to file instead of standard output.

       -base64
           Perform base64 encoding on the output.

       -hex
           Show the output as a hex string.

       -engine id
           See "Engine Options" in openssl(1).  This option is deprecated.

       -rand files, -writerand file
           See "Random State Options" in openssl(1) for details.

       -provider name
       -provider-path path
       -provparam [name:]key=value
       -propquery propq
           See "Provider Options" in openssl(1), provider(7), and property(7).

SEE ALSO
       openssl(1), RAND_bytes(3), RAND(7), EVP_RAND(7)

HISTORY
       The -engine option was deprecated in OpenSSL 3.0.

COPYRIGHT
       Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.

       Licensed  under the Apache License 2.0 (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a  copy
       in    the    file   LICENSE   in   the   source   distribution   or   at
       <https://www.openssl.org/source/license.html>.

3.5.4                              2025-09-30                OPENSSL-RAND(1SSL)
Generated by dwww version 1.16 on Tue Dec 16 04:06:44 CET 2025.