generating a key

Brian M. Carlson karlsson@hal-pc.org
Thu Aug 15 16:49:01 2002


--wq9mPyueHGvFACwf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Aug 10, 2002 at 11:34:55PM -0400, Dr. Miratey wrote:
> I've been using gpg for about two years on the computers at my university=
 (Sun stations). It works
> great. Now I have a small machine in my house (a quadra950, a m68k with D=
ebian 3.0r0) and I've just
> installed gpg 1.0.7 on it.
> The problem is that I can't generate a key. after a gpg --gen-key and fil=
ling the necesary info, this
> is what I get:
>=20
> Not enough random bytes available.  Please do some other work to give
> the OS a chance to collect more entropy! (Need 219 more bytes)

I don't know how big a key you're trying to generate, or how fast your
computer is. A larger key will require significantly more entropy.

> No matter what I do (I tried to generate the key during a really long com=
pile, and compressing some
> really long files) I just can't get enough entropy. What should I do? is =
it safe to create the key in
> another computer (ie: the sun stations i'm used to) and then copy it to m=
y local .gnupg directory?

It is safe assuming you trust the university computers to be free of
malicious code, keysniffers, a malicious superuser, etc. That's a lot of
trust.

I heard a recommendation to play with the control, shift, alt, option,
and command keys (whatever subset your computer has). It works best if
you sit there just tapping on the keys with one hand and moving the mouse
with the other.

You can see how much entropy you have by looking at
/proc/sys/kernel/random/entropy_avail (which should never be more than
4096). If you look at this several times, you will gain more entropy
automagically. You can also look at this before you generate the key. If
you wait until it is at 4096 (or its largest value on your machine), then
you may not have to wait to collect more entropy.

You can also just go around and do whatever you'd normally do with your
computer: read mail, program, browse the web, etc.

--=20
Brian M. Carlson <karlsson@hal-pc.org> <http://decoy.wox.org/~bmc> 0x560553=
E7
checkuary, n:
	The thirteenth month of the year.  Begins New Year's Day and ends
	when a person stops absentmindedly writing the old year on his checks.

--wq9mPyueHGvFACwf
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.1.90 (GNU/Linux)
Comment: Ubi libertas, ibi patria.

iQFKBAEBAwA0BQI9W7+DLRpodHRwOi8vZGVjb3kud294Lm9yZy9+Ym1jL29wZW5w
Z3AvcG9saWN5LnRleAAKCRDlkf/JVgVT51TnCADDyhIpglbgZs9cxg6qQ0AF0xqS
8ikMcQo3fEZqe5nwloqqrEAviYSv8VBMXFfIS7HPl7p6nhjijvSsm7G2FCBRd54U
nSbH3aMjlJ9ro77dm19gMlE2lTmUiKTCQ3idUtFrco2lCf09BiDLHtgKZ4Mws9T2
N5oaoCbl8JRrXq+BrKGwh85HN0VpaZX8egd5yZQpVbuF30jHGMaqoK1APtmQ2QE2
qXHS9tAvgFpwHeBSdm6tvT6t9FNqn7r9ZhXwiSc5exMsVwSMfP66gm/wqTZDW56j
L3FkZoXWGqZGTjrmmAQaQn+EBR1gPeoRjmwBls48TScQNp5KIRwzcvnv37Rq
=HeUe
-----END PGP SIGNATURE-----
Signature policy: http://decoy.wox.org/~bmc/openpgp/policy.tex

--wq9mPyueHGvFACwf--