After issuing the command
gpg --gen-key
trying to generate a key pair using gpg I got the message:
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 280 more bytes)
the OS a chance to collect more entropy! (Need 280 more bytes)
BEST SOLUTION
After some search on web, I got different procedures, and I began testing them.
The one that really worked successfully was that using rng-tools.
A tutorial to set up rng-tools can be found at:
http://www.howtoforge.com/helping-the-random-number-generator-to-gain-enough-entropy-with-rng-tools-debian-lenny
besides being the most practical solution.
The gpg command started working without failures, being stable.
I've create a summary with additional information for the alternative solutions which are described below just in case being useful someway.
Unfortunately, the alternative solutions using ls / -R or find / > /dev/null and the --no-use-agent flag were not always successful.
I've got some success but also failures, using the same environment and procedures. So far, for professional usage I've discarded, but they can be a valuable attempt if you have no rights to install packages on the target environment and need a temporary solution during an emergency.
ALTERNATIVE SOLUTIONS
Go to terminal and check your entropy:
watch cat /proc/sys/kernel/random/entropy_avail
You're gonna get a real time feedback as an entropy number.
The biggest, the best.
Lower system activity, lower entropy number.
GPG requires high entropy.
Go to a second shell and start the following command:
ls / -R
Let it running.
Return to the prior terminal - the entropy shall be increasing.
Still let ls command running.
Go to a third terminal to generate the key pair using this command:
gpg --gen-key --no-use-agent
That's it. Done.
But...
Why the --no-use-agent flag?
Checking man (man gpg), you see:
--no-use-agent
Try to use the GnuPG-Agent. With this option, GnuPG first tries
to connect to the agent before it asks for a passphrase. --no-
use-agent disables this option.
--gpg-agent-info
Override the value of the environment variable
'GPG_AGENT_INFO'’. This is only used when --use-agent has been
given. Given that this option is not anymore used by gpg2, it
should be avoided if possible.
Probably this issue is already fixed in newer versions.
If you need to generate more entropy, try this:
- using find command by other way:
http://michaelheap.com/not-enough-random-bytes-available-gpg-signing/
- using stress tool from:
http://packages.debian.org/squeeze/stress
suggested by:
http://stackoverflow.com/questions/12257653/pgp-not-enough-random-bytes-available-please-do-some-other-work-to-give-the-o
If this procedure still fails, there is also, an interesting procedure using rng-tools at:
https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/706011
To check you gpg version:
gpg --version
The information compiled here was based on several posts, among them:
http://avinashpillai.blogspot.com/2011/12/gpg-keygen-not-enough-random-bytes.html
http://stackoverflow.com/questions/11708334/pgp-asymmetric-not-enough-random-bytes-available-please-do-some-other-work-to
http://stackoverflow.com/questions/12257653/pgp-not-enough-random-bytes-available-please-do-some-other-work-to-give-the-o
http://michaelheap.com/not-enough-random-bytes-available-gpg-signing/
https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/706011
No comments:
Post a Comment