import trustdb.gpg or start from scratch?

Kristian Fiskerstrand kristian.fiskerstrand at
Wed Nov 14 12:15:49 CET 2012

On 11/14/2012 10:52 AM, Werner Koch wrote:
> On Wed, 14 Nov 2012 00:27, rjh at said:
>> Including random_seed?  I've always been under the impression that's a
>> big no-no.
> Well, it is a backup and assumed to be used after a loss of data and not
> to replicate the data to several sites.
> random_seed is a cache file to speed up things.  It is never used
> directly.  For key generation we make sure that at least 300 fresh
> random bytes are mixed into the 600 bytes of the random pool (the state
> on which the RNG works).
> For session keys, we work on a random pool which has been initialized
> from the random_seed file.  But we also mix some other state into it
> (from the fast entropy gatherer).  Without a random_seed file, every use
> of session keys (i.e. a plain public key encryption) would require a lot
> of time to get entropy from the slow gatherer (usually /dev/random).
> That just takes too long and wastes precious entropy.

Is there any configuration option to force the use of /dev/random? I'm
thinking mainly of the case where a system has a TRNG device and there
isn't expected to be a block on such a request.

Kristian Fiskerstrand
Twitter: @krifisk
Divide et impera
Divide and govern
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is
available in both Amazon Kindle and Paperback
format at
Public PGP key 0xE3EDFAE3 at
