touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #30700
[Bug 706011] Re: gpg --key-gen doesn't have enough entropy and rng-tools install/start fails
I have this issue when generating GPG keys on a remote server. It seems
like generating GPG keys on remote web servers is a relatively common
use case, and might deserve another look by the GPG developers.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/706011
Title:
gpg --key-gen doesn't have enough entropy and rng-tools install/start
fails
Status in “gnupg” package in Ubuntu:
Confirmed
Bug description:
Binary package hint: gnupg
Description: Ubuntu 10.04.1 LTS
Release: 10.04
If you install gpg and then type: gpg --gen-key, it 'freezes up' during the entropy gathering phase.
....
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 278 more bytes)
....
(freeze here)
I found some reference on the interwebs suggesting to install rng-
tools so that the rngd daemon can gather more entropy for the system
because by default cat /proc/sys/kernel/random/entropy_avail has a
very very low number.
Thus, installation of rng-tools, fails to start the rngd daemon...
Setting up rng-tools (2-unofficial-mt.12-1ubuntu3) ...
Trying to create /dev/hwrng device inode...
Starting Hardware RNG entropy gatherer daemon: (failed).
invoke-rc.d: initscript rng-tools, action "start" failed.
It is then required to do this: echo "HRNGDEVICE=/dev/urandom" >> /etc/default/rng-tools
and then start rngd: /etc/init.d/rng-tools start
After this process is done, gpg --gen-key is immediate...
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.........+++++
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
.+++++
And cat /proc/sys/kernel/random/entropy_avail has a much higher
number.
All in all, I think this process should be simplified by maybe making
gpg depend on rng-tools. The whole reason why I need to generate a gpg
key is because I want to sign the .deb debians that I'm creating for
my repository.
Thanks for your time.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/706011/+subscriptions