How to Generate Enough ‘Entropy’ For GPG Key Generation Process

By sk

The other day I was trying to generate a GPG key. It took a really long time, and I was running out of time and losing my patience. The GPG key wasn't generated even after I waited for almost an hour. I was not aware of the GPG key generation process at that time, and I had never created one before. So I dug a little in Google and found out that I need to generate enough entropy for the GPG key generation process. If you have ever been in this situation, read on. It was not that difficult.

Generate Enough 'Entropy' For GPG Key Generation Process

I entered the following command to create a GPG key:

$ gpg --gen-key

And, I got this message:

[...]
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: No pinentry
Key generation failed: No pinentry

As you can see in the above output, key generation failed because no pinentry program is available.

Make sure you have installed the pinentry-gtk or pinentry-qt package.

To install this package on Arch based systems, run:

$ sudo pacman -S pinentry

On RPM based systems:

$ sudo yum install pinentry

On DEB based systems:

$ sudo apt-get install pinentry

Then, create or edit the gpg-agent.conf file. It lives in your own home directory, so edit it as your normal user, without sudo:

$ nano ~/.gnupg/gpg-agent.conf

And add one of the following lines:

pinentry-program /usr/bin/pinentry-curses

Or,

pinentry-program /usr/bin/pinentry-qt

Save and close the file. Reboot your system to apply the changes.

Now, let us create the GPG key:

$ gpg --gen-key

Here is where I got stuck for hours. I ran this command and waited for an hour. It says I don't have sufficient entropy and didn't create the key.

To create enough entropy we need to install a package called "rng-tools".

On Arch Linux and its derivatives, run:

$ sudo pacman -S rng-tools

On RHEL and its derivatives, run:

$ sudo yum install epel-release
$ sudo yum install rng-tools

On Debian/Ubuntu and derivatives, run:

$ sudo apt-get install rng-tools

In case the above package is not available, try to install "rng-utils" instead.

After you have installed this utility, run the following command to gain enough entropy:

$ sudo rngd -r /dev/urandom

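Repeat the above command until you have enough entropy to create a GPG key. Note what the command does: rngd reads from the kernel's own /dev/urandom and credits that data back to the kernel pool, so it raises the kernel's entropy estimate without adding randomness from a new source.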

Let us check the amount of bytes of entropy currently available using command:

$ cat /proc/sys/kernel/random/entropy_avail

Sample output:

3103

Now, try to create the GPG key again. This time the GPG key generation process will be much faster.

$ gpg --gen-key

Enter your name and mail ID and press enter.

Enter your passphrase:

Re-enter passphrase:

Success! The GPG key has been created.
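
Both failures in this walkthrough (no usable pinentry, not enough entropy) can be checked before running gpg --gen-key. The script below is an added example, not part of the original post: the function names, the threshold of 200 and the file-ownership check are assumptions made for illustration, and the demo at the end runs on constructed files rather than your real ~/.gnupg.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical helpers.

# Print the program named by the last "pinentry-program" line of config file $1.
configured_pinentry() {
    awk '$1 == "pinentry-program" { sub(/^[ \t]*pinentry-program[ \t]+/, ""); p = $0 }
         END { if (p == "") exit 1; print p }' "$1" 2>/dev/null
}

# Succeed only if that program exists and is executable.
pinentry_ok() {
    pin_prog=$(configured_pinentry "$1") || return 1
    [ -x "$pin_prog" ]
}

# Succeed if the entropy estimate in file $1 is a number and at least $2.
entropy_ok() {
    ent_avail=$(head -n 1 "$1" 2>/dev/null) || return 1
    case $ent_avail in '' | *[!0-9]*) return 1 ;; esac
    [ "$ent_avail" -ge "$2" ]
}

# Run every check, print one line per failure, return the number of failures.
# $1 = gpg-agent.conf path, $2 = entropy_avail path, $3 = minimum estimate.
preflight() {
    pf_fails=0
    if ! pinentry_ok "$1"; then
        echo "FAIL: no executable pinentry-program configured in $1"
        pf_fails=$((pf_fails + 1))
    fi
    # A config file created or edited under sudo can end up owned by root.
    if [ -e "$1" ] && ! [ -O "$1" ]; then
        echo "FAIL: $1 is not owned by the current user"
        pf_fails=$((pf_fails + 1))
    fi
    if ! entropy_ok "$2" "$3"; then
        echo "FAIL: entropy estimate in $2 is below $3"
        pf_fails=$((pf_fails + 1))
    fi
    return "$pf_fails"
}

# Demo on constructed inputs; /bin/sh stands in for a real pinentry binary,
# and 200 is an arbitrary threshold chosen for this example.
demo_dir=$(mktemp -d)
printf '# constructed sample\npinentry-program /bin/sh\n' > "$demo_dir/gpg-agent.conf"
echo 3103 > "$demo_dir/entropy_avail"   # value taken from the sample output above
preflight "$demo_dir/gpg-agent.conf" "$demo_dir/entropy_avail" 200 && echo "OK: ready for gpg --gen-key"
rm -rf "$demo_dir"
```

To check the live system, call preflight "$HOME/.gnupg/gpg-agent.conf" /proc/sys/kernel/random/entropy_avail 200 with a threshold of your choice.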

Hope this helps.

2 comments

Concerned September 29, 2019 - 10:56 am

do NOT do this!!

/dev/urandom isn’t cryptographically secure!

It may suck, but just jiggle your mouse around until you get enough entropy. It’ll be more secure.

Aaron September 28, 2023 - 6:11 pm

@CONCERNED Incorrect. /dev/urandom has *always* been cryptographically secure. https://www.2uo.de/myths-about-urandom/
