Index: doc/cryptography.html
==================================================================
--- doc/cryptography.html
+++ doc/cryptography.html
@@ -43,10 +43,12 @@
 	    <dd><b>tls::decrypt</b> <b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd>
 	    <dt>&nbsp;</dt>
 	    <dd><b>tls::hkdf -digest</b> <em>digest</em> <b>-key</b> <em>key ?options?</em></dd>
 	    <dd><b>tls::pbkdf2 -size</b> <em>length</em> <b>-digest</b> <em>digest ?options?</em></dd>
 	    <dd><b>tls::scrypt -password</b> <em>string</em> <b>-salt</b> <em>string ?options?</em></dd>
+	    <dt>&nbsp;</dt>
+	    <dd><b>tls::random</b> <em>?</em><b>-private</b><em>? length</em></dd>
 	</dl>
     </dd>
     <dd><a href="#OPTIONS">OPTIONS</a></dd>
     <dd><a href="#COMMANDS">COMMANDS</a></dd>
     <dd><a href="#GLOSSARY">GLOSSARY</a> </dd>
@@ -95,10 +97,13 @@
 <a href="#tls::decrypt"><b>tls::decrypt</b> <b>-cipher</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br>
 <br>
 <a href="#tls::hkdf"><b>tls::hkdf -digest</b> <i>digest</i> <b>-key</b> <i>key ?options?</i></a><br>
 <a href="#tls::pbkdf2"><b>tls::pbkdf2 -size</b> <i>length</i> <b>-digest</b> <i>digest ?options?</i></a><br>
 <a href="#tls::scrypt"><b>tls::scrypt -password</b> <i>string</i> <b>-salt</b> <i>string ?options?</i></a><br>
+<br>
+<a href="#tls::random"><b>tls::random</b> <i>?</i><b>-private</b><i>? length</i></a><br>
+
 </p>
 
 <br>
 <h3><a name="OPTIONS">OPTIONS</a></h3>
 
@@ -539,10 +544,25 @@
 	block size. Must be greater than 0. Default is 8.<td></tr>
 	<tr><td><b>-p</b></td><td>The parallelization parameter
 	must be a positive integer less than or equal
 	to ((2^32-1) * 32) / (128 * r). Default is 1.<td></tr>
     </table></blockquote>
+
+<br>
+
+<h4><a name="RAND">Random Bytes Commands</a></h4>
+These commands provide randomly generated byte strings.
+<br>
+<br>
+    <dt><a name="tls::random"><strong>tls::random</strong>
+	<em>?</em><b>-private</b><em>? length</em></a></dt>
+    <dd>Generate <i>length</i> random bytes using a cryptographically secure
+	pseudo random generator (CSPRNG). OpenSSL uses a security level of 256
+	bits. Will return an error if a trusted entropy source such as the OS
+	isn't available. Use <b>-private</b> option if the values are intended
+	to remain private in case the public PRNG is compromised.</dd>
+
 </dl>
 
 <br>
 <h3><a name="GLOSSARY">GLOSSARY</a></h3>