<div dir="ltr"><div>Well, neither Paul nor I are Windows developers, and previous looks at their documentation hasn't revealed much; there seems to be some resistance to having this on a system-wide basis.</div><div><br></div><div>Hunting Stack Exchange and similar places points to</div><div><a href="https://docs.microsoft.com/en-us/windows/win32/seccng/cng-portal">https://docs.microsoft.com/en-us/windows/win32/seccng/cng-portal</a></div><div>with the end result that as you say, signed code would be needed.</div><div><br></div><div>However, if there were a suitable open-sourced solution available, I'm pretty confident that we could solve the signing problem.</div><div><br></div><div><a href="https://download.microsoft.com/download/1/c/9/1c9813b8-089c-4fef-b2ad-ad80e79403ba/Whitepaper%20-%20The%20Windows%2010%20random%20number%20generation%20infrastructure.pdf">https://download.microsoft.com/download/1/c/9/1c9813b8-089c-4fef-b2ad-ad80e79403ba/Whitepaper%20-%20The%20Windows%2010%20random%20number%20generation%20infrastructure.pdf</a> has a lot of info, but sometimes the detail is lacking. There are entropy sources described, that "reseed the root PRNG", but the later list of Entropy Sources doesn't seem to permit an external submitter.</div><div><br></div><div>-jim<br></div><div><br></div><div><br></div></div>