@colematt
Last active November 12, 2019 20:10
[Generating Entropy for Keys] #linux

Introduction

Did you get this error message?

We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 210 more bytes)

How much entropy do I actually have?

cat /proc/sys/kernel/random/entropy_avail
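To compare that figure with the shortfall in the gpg message: entropy_avail is reported in bits, while gpg asks for bytes. The sketch below is an added example, not part of the original gist; the function names and the ENTROPY_FILE override are assumptions made for illustration. It also assumes the kernel's pool is large enough to ever hold the requested number of bits, which is why the wait has a timeout.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist. Function names and the
# ENTROPY_FILE override are assumptions made for illustration.

# Kernel entropy estimate, in bits (gpg's message counts bytes).
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# Print the shortfall from gpg's "(Need N more bytes)" in bits.
# Returns 1 if the message carries no such figure.
needed_bits() {
	local n
	n=$(printf '%s\n' "$1" | sed -n 's/.*(Need \([0-9][0-9]*\) more bytes).*/\1/p')
	[ -n "$n" ] || return 1
	echo $((n * 8))
}

# Print the current estimate; return 1 if it is unreadable or not a number.
available_bits() {
	local v
	v=$(cat "$ENTROPY_FILE" 2>/dev/null) || return 1
	case "$v" in '' | *[!0-9]*) return 1 ;; esac
	echo "$v"
}

# Poll once a second until the estimate covers the shortfall in MSG.
# Returns 0 when covered, 1 after TIMEOUT seconds, 2 on unusable input.
wait_for_entropy() {
	local msg=$1 timeout=${2:-30} need have waited=0
	need=$(needed_bits "$msg") || return 2
	while :; do
		have=$(available_bits) || return 2
		if [ "$have" -ge "$need" ]; then
			echo "ok: $have bits available, $need needed"
			return 0
		fi
		if [ "$waited" -ge "$timeout" ]; then
			echo "timeout: $have of $need bits"
			return 1
		fi
		sleep 1
		waited=$((waited + 1))
	done
}

# Usage: wait_for_entropy "<text of the gpg message>" 60 && gpg --gen-key
```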

Making entropy using rng-tools

sudo apt update
sudo apt install rng-tools
sudo rngd -b -r /dev/urandom

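Because rngd is now running as a daemon, you can generate your keys by retrying gpg --gen-key or ssh-keygen. Note that /dev/urandom is the output of the kernel's own random number generator, so feeding it back through rngd raises the kernel's entropy estimate without mixing in randomness from an independent source; where a hardware source such as /dev/hwrng is available, point -r at that instead.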

Making entropy using haveged

sudo apt update
sudo apt install haveged

Update /etc/default/haveged if not already set:

DAEMON_ARGS="-w 1024"

Configure to start on boot:

sudo update-rc.d haveged defaults

Making entropy in userspace

This works even when you lack permission to install new software, on a headless server with virtually no input hardware (sound card, keyboard, mouse) attached. Run this simple code from another terminal connected to the same server to add to the entropy. It does not matter whether you start it before or after starting gpg --gen-key.

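nice -n 19 bash
# In the low-priority shell: print the kernel's entropy estimate in a loop
# until it drops below 1.
COUNT=1
until [ "$COUNT" -lt 1 ]; do
	COUNT=$(cat /proc/sys/kernel/random/entropy_avail)
	echo "$(date) COUNTER $COUNT"
done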