CODEWITHSUNDEEP
laravellaravel-passport
MJ Khan
MJ Khan

Reputation: 1746

Laravel - What are .rnd files after installing Laravel passport?

What is .rnd file that appear after installing Laravel Passport at root? Does it contain any sensitive data? Should we commit it to repo?

Upvotes: 14

Views: 5476

Answers (2)

Serious Angel
Serious Angel

Reputation: 1567

As mentioned in another answer, the file is created during generation of the keys using the Artisan command passport:keys:

$key = RSA::createKey($this->input ? (int) $this->option('length') : 4096);

Source

It's also worth to mention that the file itself is created by OpenSSL:

RAND_write_file() writes a number of random bytes (currently 128) to file filename which can be used to initialize the PRNG by calling RAND_load_file() in a later session.

RAND_file_name() generates a default path for the random seed file. buf points to a buffer of size num in which to store the filename.

On all systems, if the environment variable RANDFILE is set, its value will be used as the seed filename. Otherwise, the file is called .rnd, found in platform dependent locations...
Source

#define RFILE ".rnd"
// ...

if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') {
    use_randfile = 0;
    s = ossl_safe_getenv("HOME");
}

Source

The environment variable RANDFILE may be used to control the behavior.

Laravel Passport (v12.3.0) uses PHP library phpseclib, which in turn has the following OpenSSL configuration:

# minimalist openssl.cnf file for use with phpseclib

HOME            = .
RANDFILE        = $ENV::HOME/.rnd

[ v3_ca ]

Source

There's an option to set a custom OpenSSL configuration file using the available method setOpenSSLConfigPath, but currently it seems that it's not supported by Laravel Password.

Upvotes: 0

julianstark999
julianstark999

Reputation: 3616

In general the .rnd file is a file that contains random data used for creating unique secure certificates for laravel passport.

Next, you should run the passport:install command. This command will create the encryption keys needed to generate secure access tokens. ...

https://laravel.com/docs/5.8/passport#installation

When deploying Passport to your production servers for the first time, you will likely need to run the passport:keys command. This command generates the encryption keys Passport needs in order to generate access token. The generated keys are not typically kept in source control:

php artisan passport:keys

https://laravel.com/docs/master/passport#deploying-passport

Upvotes: 15

Related Questions