Key generation: is it possible to fail fast?

Justus Winter justus at
Mon Feb 20 10:28:46 CET 2017

Bjarni Runar Einarsson <bre at> writes:

> Hash: SHA1
> Hi Justus,
> Justus Winter <justus at> wrote:
>> At our last hackathon we briefly pondered an idea to make key
>> generation appear fast without compromising on key strength:
>> When the frontend starts a new key generation wizard, start
>> collecting entropy in the backend, and use this to speed up the
>> generation once the user completed the wizard.
> Interesting idea.
> This might improve the experience of manual users, but for tools
> which use GnuPG as a backend/API, this wouldn't change anything
> since the wizard would be completed instantly.
> It also probably only helps if the kernel's entropy pool is
> nearly full when GnuPG is started. If it's not, then the total
> time will remain unchanged because the kernel is already
> gathering entropy in the background, no matter what GnuPG is
> doing.

Sorry, I didn't get the idea across.  I meant to say that a frontend
like the MUA can communicate that it started a key generation wizard to
GnuPG running as a background service.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: </pipermail/attachments/20170220/8c481d13/attachment.sig>

More information about the Gnupg-devel mailing list