Signing keys on a low-entropy system

Tapio Sokura tapio.sokura at
Fri Nov 8 18:07:21 CET 2013

On 8.11.2013 1:11, Johannes Zarl wrote:
> How is GnuPG affected by such a low-entropy system? Will operations just take 
> a bit longer, or can this affect the quality/security of generated keys or 
> signatures?

Key generation definitely needs good random data. But generating an RSA
signature is completely deterministic; the RSA operations themselves do
not use or need random data.

Another thing is that some signature schemes that use RSA also add
random padding data into the data that is being signed, but I don't
think signatures in PGP do that. I may be wrong though, haven't combed
through the PGP specs thoroughly.


More information about the Gnupg-users mailing list