Trying to generate a key for a server.
gpg --gen-key
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
and it just hangs there.
There is another error:
can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
which seems to go away after:
gpg-agent --daemon
GPG_AGENT_INFO=/tmp/gpg-4c5hyT/S.gpg-agent:1397:1; export GPG_AGENT_INFO;
#GPG_AGENT_INFO=/tmp/gpg-4c5hyT/S.gpg-agent:1397:1; export GPG_AGENT_INFO;
gpg --gen-key
...
but again, it hangs at "...gain enough entropy".
There are no "++++++++++++++++++++++++++++++++++++++++++"'s, which from forum posts look like they should be expected as the key is generated.
I have tried reinstalling the package, but seemingly everything depends on gpg.
I've read about other people having problems with this on CentOS 6 too (whereas CentOS 5 works fine).
There is nothing remarkable in /var/log/*.
Any ideas on where to go from here?
Thanks.
When the gpg --gen-key command hangs like this, log in to another shell and perform the following command:
(This command basically reads from your hard drive and discards the output, because writing to /dev/zero will do nothing.)
After a few seconds / minutes, the key generation command should complete.
For a more reliable solution you could install random number generator related utilities, which will make sure that you always have enough random bytes.
and then edit /etc/sysconfig/rngd and add
EXTRAOPTIONS="-r /dev/random"
Start the service
Voila and you live happily ever after :)
https://gist.github.com/franciscocpg/1575d286548034113884c3185ca88681
Open a ssh session
sudo apt-get install rng-tools
In another SSH window open
gpg --gen-key
Go back to your first SSH session and run
sudo rngd -r /dev/urandom
Let this run till gpg generates your keys! Then you can kill rngd
sudo kill -9 $(pidof rngd)
Both comments given before are perfectly fine. But here is just my 2 cents.
The problem with RHEL/CentOS 6 and entropy is that they are tickless kernels. So, by themselves, these kernels don't generate enough entropy. You have to get some keyboard attached or even some mouse movement or use dd as mentioned.
The rngd daemon is awesome and most commercial entities use it.
However, the best approach I have seen is the use of a dedicated TPM device. They are small pieces of hardware which are quite expensive. You put them in and rngd utilizes true random entropy from the hardware source. As far as I know, Fujitsu has some good TPM devices.
Yeah, these three methods pretty much cover the entropy part.
Twist on other responses, but at least a one-liner and not root.
Key-gen-options contains
Output-key.txt contains my super secret key.
EXTRAOPTIONS="-r /dev/urandom" worked for me instead of EXTRAOPTIONS="-r /dev/random"
I've tried all the solutions, and found that haveged works the best even when others don't work (especially on a headless server that doesn't have much user input or activity).
yum install haveged
apt install haveged
It starts the haveged daemon service that will keep /dev/random full of entropy. --gen-key should complete in less than a minute.
You can verify by running cat /dev/random. Normally, it will quickly run out of entropy and pause. That's why the --gen-key hangs. But after installing haveged, cat /dev/random should provide output continuously.
How I did it:
pacman -S community/rng-tools
vim /etc/conf.d/rngd to add RNGD_OPTS="-r /dev/urandom"
systemctl enable --now rngd
gpg-agent --daemon
gpg --full-gen-key
Worked even when $GNUPGHOME is set to point to a custom directory.
Switching to gpg2 worked for me.
None of the other solutions did, because of permissions issues.
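An added example, not part of any answer above: a shell check for the hang discussed on this page that reads the kernel's entropy estimate and reports which device the two rngd config files named in the answers pass to -r. The 200-bit threshold, the function names and the classification labels are assumptions; a kernel device (/dev/urandom or /dev/random) used as rngd's input is labelled kernel-feedback because it hands the kernel its own output back rather than a separate entropy source.

```shell
#!/bin/sh
# Added example (constructed; not from any answer on this page).

# Print "low N", "ok N" or "unknown" for the kernel's entropy estimate (bits).
entropy_state() {
    file=${1:-/proc/sys/kernel/random/entropy_avail}
    min=${2:-200}    # assumed threshold, not a value from the page
    if [ ! -r "$file" ]; then echo "unknown"; return 0; fi
    bits=$(tr -cd '0-9' < "$file")
    if [ -z "$bits" ]; then echo "unknown"; return 0; fi
    if [ "$bits" -lt "$min" ]; then echo "low $bits"; else echo "ok $bits"; fi
}

# Print the device given to rngd's -r / --rng-device option in an
# EXTRAOPTIONS= or RNGD_OPTS= line (last such line wins; comments ignored).
rngd_source() {
    sed -nE 's/^[[:space:]]*(EXTRAOPTIONS|RNGD_OPTS)=.*(-r|--rng-device)[ =]+([^" ]+).*/\3/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Heuristic labels (assumed names): a kernel device used as rngd's input
# only feeds the kernel's own output back into the pool.
classify_source() {
    case "$1" in
        "")                       echo "default" ;;
        /dev/urandom|/dev/random) echo "kernel-feedback" ;;
        /dev/hwrng)               echo "hardware" ;;
        *)                        echo "other" ;;
    esac
}

# Summarise the current host: entropy estimate plus any rngd config found.
report() {
    echo "entropy estimate: $(entropy_state)"
    for cfg in /etc/sysconfig/rngd /etc/conf.d/rngd; do
        [ -r "$cfg" ] || continue
        dev=$(rngd_source "$cfg")
        echo "$cfg: rngd reads '${dev:-default}' ($(classify_source "$dev"))"
    done
}

report
```

Run it in a second shell while gpg is waiting; it needs no root and changes nothing on the system.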