generating a key

Brian M. Carlson
Thu Aug 15 16:49:01 2002

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Aug 10, 2002 at 11:34:55PM -0400, Dr. Miratey wrote:
> I've been using gpg for about two years on the computers at my university=
 (Sun stations). It works
> great. Now I have a small machine in my house (a quadra950, a m68k with D=
ebian 3.0r0) and I've just
> installed gpg 1.0.7 on it.
> The problem is that I can't generate a key. after a gpg --gen-key and fil=
ling the necesary info, this
> is what I get:
> Not enough random bytes available.  Please do some other work to give
> the OS a chance to collect more entropy! (Need 219 more bytes)

I don't know how big a key you're trying to generate, or how fast your
computer is. A larger key will require significantly more entropy.

> No matter what I do (I tried to generate the key during a really long com=
pile, and compressing some
> really long files) I just can't get enough entropy. What should I do? is =
it safe to create the key in
> another computer (ie: the sun stations i'm used to) and then copy it to m=
y local .gnupg directory?

It is safe assuming you trust the university computers to be free of
malicious code, keysniffers, a malicious superuser, etc. That's a lot of

I heard a recommendation to play with the control, shift, alt, option,
and command keys (whatever subset your computer has). It works best if
you sit there just tapping on the keys with one hand and moving the mouse
with the other.

You can see how much entropy you have by looking at
/proc/sys/kernel/random/entropy_avail (which should never be more than
4096). If you look at this several times, you will gain more entropy
automagically. You can also look at this before you generate the key. If
you wait until it is at 4096 (or its largest value on your machine), then
you may not have to wait to collect more entropy.

You can also just go around and do whatever you'd normally do with your
computer: read mail, program, browse the web, etc.

Brian M. Carlson <> <> 0x560553=
checkuary, n:
	The thirteenth month of the year.  Begins New Year's Day and ends
	when a person stops absentmindedly writing the old year on his checks.

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.1.90 (GNU/Linux)
Comment: Ubi libertas, ibi patria.

Signature policy: