Two key issues for the security of practical quantum key distribution (QKD) systems are addressed: the truly random number generator (TRNG) and the monitoring of the QKD source. For the TRNG, two schemes are reported, based respectively on detection of the photon-number statistics of a diode laser and on continuous beat-signal detection of a VCSEL. They can produce truly random numbers at a rate of 20 Mbit/s for an arbitrarily long time, and their true randomness is primarily confirmed by 3-sigma criteria up to 14 Gbit. In the security analysis of some QKD protocols, the photon-number distribution (PND) of the QKD source is assumed to be fixed and known to Alice and Bob, while Eve cannot control or change it. In real-life experiments, the PND may deviate from this assumption (the source is untrusted), so the source needs to be monitored. An active monitoring scheme was proposed previously but did not work well in experiment. For monitoring the photon statistics of the QKD source, we propose a passive scheme with a beam splitter and a PD detector, and the experiment is realized in a real-life QKD system.