diff --git a/bin/dnssec/dnssec-signkey.c b/bin/dnssec/dnssec-signkey.c
index d9c5a53898..29fd252988 100644
--- a/bin/dnssec/dnssec-signkey.c
+++ b/bin/dnssec/dnssec-signkey.c
@@ -70,6 +70,8 @@ usage(void) {
 fprintf(stderr, "Options: (default value in parenthesis) \n");
 fprintf(stderr, "\t-v level:\n");
 fprintf(stderr, "\t\tverbose level (0)\n");
+ fprintf(stderr, "\t-p\n");
+ fprintf(stderr, "\t\tuse pseudorandom data (faster but less secure)\n");
 fprintf(stderr, "\t-r randomdev:\n");
 fprintf(stderr, "\t\ta file containing random data\n");
@@ -152,15 +154,21 @@ main(int argc, char *argv[]) {
 isc_region_t r;
 isc_log_t *log = NULL;
 keynode_t *keynode;
+ isc_boolean_t pseudorandom = ISC_FALSE;
+ unsigned int eflags;
 result = isc_mem_create(0, 0, &mctx);
 check_result(result, "isc_mem_create()");
 dns_result_register();
- while ((ch = isc_commandline_parse(argc, argv, "r:v:")) != -1)
+ while ((ch = isc_commandline_parse(argc, argv, "pr:v:h")) != -1)
 {
 switch (ch) {
+ case 'p':
+ pseudorandom = ISC_TRUE;
+ break;
+
 case 'r':
 randomfile = isc_mem_strdup(mctx, isc_commandline_argument);
@@ -175,6 +183,7 @@ main(int argc, char *argv[]) {
 fatal("verbose level must be numeric");
 break;
+ case 'h':
 default:
 usage();
@@ -190,8 +199,10 @@ main(int argc, char *argv[]) {
 setup_entropy(mctx, randomfile, &ectx);
 if (randomfile != NULL)
 isc_mem_free(mctx, randomfile);
- result = dst_lib_init(mctx, ectx,
- ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+ eflags = ISC_ENTROPY_BLOCKING;
+ if (!pseudorandom)
+ eflags |= ISC_ENTROPY_GOODONLY;
+ result = dst_lib_init(mctx, ectx, eflags);
 if (result != ISC_R_SUCCESS)
 fatal("could not initialize dst");
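Review bot: The new `-p` help line in usage() says only "faster but less secure", which does not tell an operator what is being weakened. The flag ends up deciding whether `ISC_ENTROPY_GOODONLY` is passed to dst_lib_init() (last hunk), so the text should name the randomness used by the crypto library. If the option is meant for testing, say so, e.g. `"\t\tuse pseudorandom data instead of good entropy (testing only)\n"`.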
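Review bot: When `-p` is given, main() drops `ISC_ENTROPY_GOODONLY` silently, so dst is initialised with an entropy context that may return pseudorandom bytes, and nothing on stderr or in the output records that. For signature schemes that need a fresh random value per signature (DSA is the usual example), predictable randomness can expose the private key, so this is more than a speed trade-off. I would add a comment above the assignment, `/* -p: accept pseudorandom data; output made in this mode is not for production zones */`, and print a one-line warning on stderr when `pseudorandom` is set. `ISC_ENTROPY_BLOCKING` stays set in both modes; whether it has any effect without GOODONLY is not visible here and is worth checking. main() starts and ends outside the hunk.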