gpg --gen-key hangs at gaining enough entropy on centos 6

Trying to generate a key for a server.

gpg --gen-key

We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.

and it just hangs there.

There is another error:

can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory

which seems to go away after:

gpg-agent --daemon
GPG_AGENT_INFO=/tmp/gpg-4c5hyT/S.gpg-agent:1397:1; export GPG_AGENT_INFO;

#GPG_AGENT_INFO=/tmp/gpg-4c5hyT/S.gpg-agent:1397:1; export GPG_AGENT_INFO;
gpg --gen-key
...

but again, it hangs at "...gain enough entropy".

There are no "++++++++++++++++++++++++++++++++++++++++++"'s which from forum posts looks like should be expected as the key is generated.

I have tried reinstalling the package, but seemingly everything depends on gpg.

I've read other people having problems with this on centos 6 too (whereas centos 5 works fine).

There is nothing remarkable in /var/log/*.

Any ideas on where to go from here?

Thanks.

Solution 1:

When the gpg --gen-key command hangs like this, log in to another shell and perform the following command:

dd if=/dev/sda of=/dev/zero

(This command basically reads from your hard drive and discards the output, because writing to /dev/zero will do nothing.)

After a few seconds / minutes, the key generation command should complete.

Solution 2:

For a more reliable solution you could install random number generator related utilities, which will make sure that you always have enough random bytes.

yum install rng-tools

and then edit /etc/sysconfig/rngd and add EXTRAOPTIONS="-r /dev/random"

Start the service

 service rngd start

Voila and you live happily ever after :)

Solution 3:

https://gist.github.com/franciscocpg/1575d286548034113884c3185ca88681

Open a ssh session sudo apt-get install rng-tools In another SSH window open gpg --gen--key Go back to your first SSH session and run sudo rngd -r /dev/urandom Let this run till gpg generates your keys!

Then you can kill rngd sudo kill -9 $(pidof rngd)

Solution 4:

Both comments given before are perfectly fine. But here is just my 2 cents.

The problem with RHEL/centos 6 and entropy is that they are tickless kernels. So, by themselves, these kernels don't generate enough entropy. You have to get some keyboard attached or even some mouse movement or use dd as mentioned.

rngd daemon is awesome and most commercial entities use it.

However, the best approach I have seen is use of dedicated TPM device. They are small hardware which are quite expensive. You put them and rngd utilizes random true entropy from the hardware source. As far as I know, Fujitsu has some good TPM device.

Yeah, these three methods pretty much cover the entropy part.

Solution 5:

Twist on other responses but at least one liner and not root.

((find / | xargs file) &> /dev/null &); gpg2 --gen-key --batch --passphrase-file output-key.txt key-gen-options.txt

Key-gen-options contains

Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: myuser
Name-Email: [email protected]
Expire-Date: 0

Output-key.txt contains my super secret key.