Key generation: is it possible to fail fast?

Kristian Fiskerstrand kristian.fiskerstrand at
Fri Feb 17 16:27:39 CET 2017

On February 17, 2017 4:17:13 PM GMT+01:00, Tobias Mueller <muelli at> wrote:
>On Fri, Feb 17, 2017 at 01:39:01PM -0000, Bjarni Runar Einarsson wrote:
>> If the system doesn't have enough entropy, and generates entropy
>> too slowly to create a key within a "reasonable time frame",
>> would it be possible to detect that and fail early?
>Hm. I guess you could run a timer and abort the key generation (e.g.
>kill the process) if it's taking you too long.
>> Of course, anything that can be done to speed up key generation
>> would be ideal
>ECC keys are super fast to generate.
>I've seen people installing haveged in virtual machine environments
>to emulate entropy.

I prefer adding a TRNG (like NeuG (reads noisy)) by gniibe on the hypervisor and accessing that from within the VMs (libvirt+qemu+kvm), works like a charm.

>  Tobi

Kristian Fiskerstrand
Twitter: @krifisk
Public OpenPGP certificate at hkp://
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
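
The timer-and-abort idea from the quoted reply, as an added example that is not part of the original message or of GnuPG: a POSIX-only wrapper that runs unattended key generation under a deadline and reports a timeout instead of blocking. The function names, the user ID and the throwaway keyring directory are assumptions made for illustration, and the gpg options assume GnuPG 2.1 or later.

```python
import os
import signal
import subprocess
import sys
import tempfile
import time


def run_with_deadline(argv, deadline_s, env=None):
    """Run argv; return ("ok" | "failed" | "timeout", elapsed_seconds)."""
    start = time.monotonic()
    # Own session => own process group, so helpers the child forks are killed with it.
    proc = subprocess.Popen(argv, env=env, start_new_session=True,
                            stdin=subprocess.DEVNULL,
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    try:
        rc = proc.wait(timeout=deadline_s)
        status = "ok" if rc == 0 else "failed"
    except subprocess.TimeoutExpired:
        try:
            os.killpg(proc.pid, signal.SIGKILL)
        except ProcessLookupError:
            pass  # child exited between the timeout and the kill
        proc.wait()  # reap it so no zombie is left behind
        status = "timeout"
    return status, time.monotonic() - start


def generate_or_fail(uid, deadline_s, algo="ed25519"):
    """Generate a passphrase-less key in a throwaway GNUPGHOME, or give up at the deadline."""
    home = tempfile.mkdtemp(prefix="keygen-")  # mkdtemp creates the directory with mode 0700
    env = dict(os.environ, GNUPGHOME=home)
    argv = ["gpg", "--batch", "--pinentry-mode", "loopback", "--passphrase", "",
            "--quick-generate-key", uid, algo]
    status, elapsed = run_with_deadline(argv, deadline_s, env)
    if status == "timeout":
        # In GnuPG 2.1+ the secret key is created inside gpg-agent, which detaches
        # from gpg, so killing gpg alone can leave the agent still working.
        subprocess.run(["gpgconf", "--kill", "gpg-agent"], env=env, check=False)
    return status, elapsed, home


if __name__ == "__main__":
    # Constructed user ID; 30 seconds is an arbitrary "reasonable time frame".
    print(generate_or_fail("Test User <test@example.invalid>", 30.0))
```
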
