GPG does not have enough entropy

Solution 1:

Have you had a look at RNG?

Fedora/Rh/Centos types: sudo yum install rng-tools

On deb types: sudo apt-get install rng-tools to set it up.

Then run sudo rngd -r /dev/urandom before generating the keys.

Reference: http://it.toolbox.com/blogs/lim/how-to-generate-enough-entropy-for-gpg-key-generation-process-on-fedora-linux-38022

Solution 2:

I was able to generate the key by

apt-get install rng-tools

In another SSH window open

 gpg --gen-key

Go back to your first SSH session and run

sudo rngd -r /dev/urandom

Let this run till gpg generates your keys!


Solution 3:

To check the amount of bytes of entropy currently available, use

cat /proc/sys/kernel/random/entropy_avail

The entropy bucket is 4096 bytes large, which can very quickly be depleted.

Using this small 'readspeed' tool (http://1wt.eu/tools/readspeed/), you can measure how fast the entropy bucket is filled with different methods.

For example, launch :

$ ./readspeed < /dev/random

and move your mouse around. You will see that 'readspeed' empties the entropy bucket as soon as it is filled, and when you move the mouse, it fills up a bit.

Trying different methods, it seems that keyboard input and mouse movements are the most efficients to replenish that bucket. Network transfers and hard drive copies don't have much influence.

Finally, there are entropy generation devices available, such as this one: http://www.entropykey.co.uk/.


Solution 4:

+1 for rng-tools

In case you are stuck in situation as I am - not having permissions to install new software (rng-tools) on a headless server with virtually no input hardware (sound card, keyboard, mouse) attached. You can run this simple code from another terminal connect to same server, to add to the entropy. It does not matters if you start running this before or after starting gpg --gen-key

$ nice -n 19 bash
$ until [ $COUNT -lt 1 ]; do
  let COUNT=`cat /proc/sys/kernel/random/entropy_avail`
  echo "`date` COUNTER $COUNT"
done

First line is to start a new bash shell, with lower priority (I needed to be nice on a server shared by many users). The until loop is infinite, so remember to break it once the key is generated. All it is doing is causing the network traffic to increase the entropy. It also monitors the entropy_avail counter to show how it gets filled and emptied on other side by gpg. In my case, the counter filled up quickly to 64 and got emptied back to 0 (guess gpg picks up in chunk of 64). I was waiting for 4096 bit key generation for over 3 hours on the server. After starting to run this script, it got finished in under 5 min.


Solution 5:

I was bound and determined to generate entropy on my headless Ubuntu 14.04 server in order to generate a 4096 key with gpg --gen-key

There is a package for generating entropy called haveged. Example of install:

sudo apt-get install haveged

I had to sudo apt-get install rng-tools since it is a dependency in the following test.

Example of a test to see if entropy is generated by haveged:

cat /dev/random | rngtest -c 1000

A very small amount of failures is acceptable in any random number generator, but you can expect to see 998-1000 successes very often when using hovered.

I found out about it in a tutorial here:

https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

I now have keys after running gpg --gen-key

Tags:

Linux

Ubuntu

Gpg