...
- install Raspian Stretch (or higher); required for having openssl 1.1+
- install the package rng-tools (provides access to the built-in hardware random number generator under /dev/hwrng)
- set the date and time (Raspberry Pi does not have a built-in clock)
- after installing all needed packages, remove the Pi from the network and never connect it again.
Q to the SM: is it acceptable to take the preparatory steps before traveling to the signing ceremony? Or do everything live?
Info |
---|
IMPORTANT: adapt the settings/openssl-rsa.cnf and settings/openssl-ecdsa.cnf settings before issuing the CA. In particular:
|
...