Comment 7 for bug 706011

Steve McIntyre (steve-mcintyre) wrote :

If you want to create a useful, valid (i.e. secure) gpg key, then you need a good source of entropy. There is no way around that. If you're working on a remote or virtual machine or with limited inputs into the random pool, then there are a couple of ways of improving that:

1. Generate the key on another machine that *does* have good entropy sources (e.g. on a desktop machine)

2. Find another way to add more entropy to your machine, for example a hardware RNG such as the entropy key (http://www.entropykey.co.uk/). The rng-tools package is explicitly designed to interface with this kind of hardware, to cope with the case where the hardware might not be usable directly with the kernel random pool. When used that way, rng-tools will provide the right kind of entropy; it's not capable of generating entropy where none exists already.

It's unfortunate that your systems are not generating enough entropy for gpg to work well for you these days; you may be able to make it work better by explicitly choosing a smaller key size. Recent Linux systems use entropy more than ever before due to ASLR (http://en.wikipedia.org/wiki/Address_space_layout_randomization) which won't be helping you.
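
Added example, not part of the original comment: a preflight check to run on a remote or virtual machine before generating a key there, reporting whether the kernel's entropy estimate is low and whether a hardware RNG is registered with the kernel. The function name and the 256-bit threshold are assumptions; the procfs and sysfs paths are the standard Linux locations.

```shell
#!/bin/sh
# Preflight for key generation on a headless or virtual host.
# Assumptions: MIN_BITS is an illustrative threshold, not a gpg requirement.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
HWRNG_CURRENT="${HWRNG_CURRENT:-/sys/class/misc/hw_random/rng_current}"
MIN_BITS="${MIN_BITS:-256}"

# Prints one status word and returns a matching exit code:
#   ok          (0) pool estimate is at or above the threshold
#   low-hwrng   (1) pool is low, but the kernel has a hardware RNG selected
#   low-nohwrng (1) pool is low and no kernel hardware RNG is selected;
#                   generate the key on another machine or add a source
#   unknown     (2) the estimate could not be read
# Note: an external device that is fed to the pool only through rng-tools
# does not appear in rng_current, so low-nohwrng is a prompt to check that too.
entropy_preflight() {
    efile="${1:-$ENTROPY_FILE}"
    hfile="${2:-$HWRNG_CURRENT}"
    min="${3:-$MIN_BITS}"

    [ -r "$efile" ] || { echo unknown; return 2; }
    bits=$(tr -cd '0-9' < "$efile")
    [ -n "$bits" ] || { echo unknown; return 2; }

    if [ "$bits" -ge "$min" ]; then
        echo ok
        return 0
    fi

    hw=""
    if [ -r "$hfile" ]; then
        hw=$(tr -d '[:space:]' < "$hfile")
    fi
    # The kernel writes the literal string "none" when no device is selected.
    if [ -n "$hw" ] && [ "$hw" != "none" ]; then
        echo low-hwrng
        return 1
    fi
    echo low-nohwrng
    return 1
}
```

Called with no arguments, `entropy_preflight` reads the live system files; the three optional arguments (estimate file, hardware RNG file, threshold) exist so the logic can be exercised against constructed inputs.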