OpenSSL: Secrets Life Cycle
Oct 17, 2020
The Generic Secret Life Cycle
[0] Entropy test
When a secret is generated, the RNG must first pass the entropy test, and the test must be logged for the ‘key birth certificate’. Any error or failure must also be logged.
[1,2] Escrow and storage
Once key generation sanity is assured, i.e. the entropy test was passed during generation, the secret may be escrowed. The secret is set to…
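The entropy-test gate from step [0], sketched as an added example (not code from the original article or from OpenSSL). The article does not say which entropy test is meant, so the two checks here, loosely modelled on the repetition count and adaptive proportion health tests of NIST SP 800-90B, along with their cutoffs, the record fields and the function names, are assumptions; the OS CSPRNG stands in for the RNG.

```python
import hashlib
import json
import os
import time
from collections import Counter

SAMPLE_LEN = 4096  # bytes drawn for the health checks (illustrative value)

def repetition_ok(sample: bytes, cutoff: int = 5) -> bool:
    """Fail when any byte value occurs `cutoff` or more times in a row."""
    run = 1
    for prev, cur in zip(sample, sample[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True

def proportion_ok(sample: bytes, max_share: float = 0.05) -> bool:
    """Fail when one byte value exceeds `max_share` of the sample."""
    return max(Counter(sample).values()) <= max_share * len(sample)

def generate_secret(nbytes: int = 32, rng=os.urandom, log=None):
    """Release a secret only if the RNG passes; log every outcome."""
    log = [] if log is None else log
    record = {"event": "key_birth", "time": int(time.time()), "passed": False}
    secret = None
    try:
        sample = rng(SAMPLE_LEN)  # test sample is discarded, never used as key
        record["repetition_ok"] = repetition_ok(sample)
        record["proportion_ok"] = proportion_ok(sample)
        record["passed"] = record["repetition_ok"] and record["proportion_ok"]
        if record["passed"]:
            secret = rng(nbytes)
            # Identify the secret without storing it (fine for random keys,
            # not for low-entropy secrets such as passwords).
            record["fingerprint"] = hashlib.sha256(secret).hexdigest()[:16]
    except Exception as exc:  # RNG errors must reach the log as well
        record.update(passed=False, error=repr(exc))
        secret = None
    log.append(json.dumps(record, sort_keys=True))
    return secret, record

if __name__ == "__main__":
    audit_log = []
    key, cert = generate_secret(log=audit_log)
    print(cert["passed"], audit_log[-1])
```

Checks of this kind only catch gross failures such as a stuck or heavily biased source; a passing result is evidence for the birth record, not proof of entropy.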