touch-packages team mailing list archive

Thread
Date

[Bug 706011] Re: gpg --key-gen doesn't have enough entropy and rng-tools install/start fails

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Brylie Christopher Oxley <brylie@xxxxxxxxxxxx>
Date: Fri, 31 Oct 2014 12:49:21 -0000
Reply-to: Bug 706011 <706011@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I have this issue when generating GPG keys on a remote server. It seems
like generating GPG keys on remote web servers is a relatively common
use case, and might deserve another look by the GPG developers.

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/706011

Title:
gpg --key-gen doesn't have enough entropy and rng-tools install/start
fails

Status in “gnupg” package in Ubuntu:
Confirmed

Bug description:
Binary package hint: gnupg

Description: Ubuntu 10.04.1 LTS
Release: 10.04

If you install gpg and then type: gpg --gen-key, it 'freezes up' during the entropy gathering phase.

....
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 278 more bytes)
....
(freeze here)

I found some reference on the interwebs suggesting to install rng-
tools so that the rngd daemon can gather more entropy for the system
because by default cat /proc/sys/kernel/random/entropy_avail has a
very very low number.

Thus, installation of rng-tools, fails to start the rngd daemon...

Setting up rng-tools (2-unofficial-mt.12-1ubuntu3) ...
Trying to create /dev/hwrng device inode...
Starting Hardware RNG entropy gatherer daemon: (failed).
invoke-rc.d: initscript rng-tools, action "start" failed.

It is then required to do this: echo "HRNGDEVICE=/dev/urandom" >> /etc/default/rng-tools
and then start rngd: /etc/init.d/rng-tools start

After this process is done, gpg --gen-key is immediate...

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.........+++++
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
.+++++

And cat /proc/sys/kernel/random/entropy_avail has a much higher
number.

All in all, I think this process should be simplified by maybe making
gpg depend on rng-tools. The whole reason why I need to generate a gpg
key is because I want to sign the .deb debians that I'm creating for
my repository.

Thanks for your time.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/706011/+subscriptions