Is anyone else unable to generate a GPG Key?

I ran gpg --gen-key on my server, and it has amounted to nothing after more than an hour.

Is there not enough entropy on a Linode 768 to generate a GPG key?

Can't seem to make this work.

8 Replies

I just gave it a whirl and it sat there saying "not enough random bytes available" (this is a near-idle Linode 512). I dumped an 800 MB MySQL database, and after around 200 MB it finished creating the key.

So in answer to your question: no, there probably isn't enough entropy on a server (mainly due to the lack of a keyboard and mouse). Do some sort of heavy disk usage action while generating the key and it should generate.

@Lime:

> I must've looked like a real genius there at my workdesk, banging away at my keyboard for 1-2 minutes straight, intermittently for all that time.

I don't think that method is going to work with a remote server. Open up another window and try something like du /

Thanks for the advice. This is on a new server, so I have no DB to mess with. I have 5 screen sessions open, 4 of which are running top, rotating in cat /dev/urandom sometimes. I was running du / but that didn't seem to be taxing enough. Are there any other commands that are particularly good in this case?

edit: now have 25 screen sessions open, some running top, others running "du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du / && du /". Anyone have recommendations?

Running cat on /dev/urandom will use up entropy. Try running something like tar -cf /root/tmp.tar /usr; that will tar your entire /usr directory into /root/tmp.tar, which you can delete afterwards. That should be big enough to create enough entropy.

Thanks obs. Looks like the tar command did it.

There is a Debian package to get enough entropy.

http://www.howtoforge.com/helping-the-random-number-generator-to-gain-enough-entropy-with-rng-tools-debian-lenny

It's a daemon, so I will uninstall it after generating GPG Keys.

Of course, source code is available: http://sourceforge.net/projects/gkernel/

Ivy Bridge has a DRNG that can pull in 2-3 Gbps of high quality entropy. I think we'll see this problem (limited entropy in cloud hosting environments) go away once cloud hosts have moved to Xeons based on Ivy Bridge or newer.

@drpks:

> There is a Debian package to get enough entropy.
>
> http://www.howtoforge.com/helping-the-random-number-generator-to-gain-enough-entropy-with-rng-tools-debian-lenny

Recycling /dev/urandom might be good enough for running self-signed SSL certs on hobby sites, but it's nowhere near secure enough for generating GPG keys.

Also, rng knows when you're trying to feed it with low-quality pseudorandom bits. It will usually refuse to use such sources until enough entropy is collected by some other means.
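
A pre-flight check for the situation in this thread, as an added example that is not part of any poster's reply: it reads the kernel's entropy estimate and looks for the two hardware sources that come up above, the RNG device that rngd reads and the `rdrand` CPU flag of the Ivy Bridge DRNG. The function names, the `/dev/hwrng` default and the quarter-of-pool cut-off are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Paths default to the Linux locations
# and are parameters so the functions can be run on constructed files.

# Succeed if the CPU advertises RDRAND, the Ivy Bridge DRNG instruction.
has_rdrand() {
    grep '^flags' "${1:-/proc/cpuinfo}" | head -n 1 | grep -qw rdrand
}

# Succeed if a hardware RNG character device exists for rngd to read.
has_hwrng() {
    [ -c "${1:-/dev/hwrng}" ]
}

# Print a one-line verdict. "Low" means under a quarter of the pool size,
# an assumed cut-off chosen for this example.
# Arguments (all optional): random sysctl dir, cpuinfo file, hwrng device.
entropy_status() {
    dir=${1:-/proc/sys/kernel/random}
    bits=$(cat "$dir/entropy_avail") || return 2
    size=$(cat "$dir/poolsize") || return 2
    if [ "$bits" -ge $((size / 4)) ]; then
        echo "ok: $bits of $size bits available"
    elif has_hwrng "$3" || has_rdrand "$2"; then
        echo "low: $bits of $size bits, hardware source present"
    else
        echo "low: $bits of $size bits, no hardware source, expect gpg --gen-key to stall"
    fi
}

# Report on the live system when the kernel interface is present.
if [ -r /proc/sys/kernel/random/entropy_avail ]; then
    entropy_status || echo "could not read kernel entropy counters" >&2
fi
```

Recent kernels stop blocking /dev/random once the pool has been seeded, so there the script normally reports ok.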
