Random Seed for Generating PGP Keys

NIIBE Yutaka gniibe at fsij.org
Wed May 27 04:46:57 CEST 2015

On 05/25/2015 01:35 AM, George Lee wrote:
> I'm interested in seeing if rather than relying on the built-in software to
> generate randomness when creating a PGP key, if it is possible to configure
> GnuPG to use a manually entered random seed. That way I could generate a
> seed using coins, dice, my magic cauldron, etc.

Well, in my HWRNG implementation (named NeuG), I don't use coins or
dice.  The source is sampling of analog inputs by an A/D converter (the
inputs themselves don't matter much).  When you generate a key on Gnuk
Token, it goes directly from NeuG.

Actually, I thought a similar thing.  Here is a post of mine from
September, 2013:


At that time, I considered that I could control it more reliably with a
specific "raw" interface to feed entropy to an application directly.
But, currently, I think that it is rather good for GnuPG/libgcrypt not
to have such an interface but just use the system /dev/random (if

When we are using GNU/Linux system or some UNIXen, it goes like this
with HWRNG (with GCRY_RNG_TYPE_STANDARD configuration):

   HWRNG --> /dev/random --> CSPRNG [of GnuPG/libgcrypt] --> GPG key

Note that within the HWRNG design itself, there is usually a CSPRNG component
to remove bias from its entropy source.  Further, it's also there in
the design of the system /dev/random.

Thus, it is common to have many CSPRNG components in sequence, which
sounds pretty much redundant.

After all, the problem to solve here is: we want the random number
sequence under *no one*'s control, so, it would be OK to have another
redundant CSPRNG or two.  That's my opinion.

BTW, now, my HWRNG is available in US, too.  Please visit:


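The chain described in the message (noisy physical source, bias removal, conditioning into a CSPRNG, key bytes) can be seen end to end in a small simulation. The following is an added example, not NeuG, Gnuk, /dev/random or libgcrypt code: the "A/D converter" is a constructed, deliberately biased bit stream, bias removal is the classic von Neumann extractor, conditioning is a SHA-256 hash of the extractor output, and the final stage is a minimal HMAC-DRBG in the style of SP 800-90A. All function and class names are this example's own. It also measures the bias before and after extraction, which is the check a practitioner wants when deciding whether a raw source is safe to hand to a key generator.

```python
import hashlib
import hmac
import random


def biased_source(n_bits, p_one=0.75, seed=1234):
    """Constructed stand-in for an ADC-sampled noise source.

    Real ADC noise is not this clean; the point is only that the raw bits
    are independent but strongly biased (p_one != 0.5), so they are not
    directly usable as key material.
    """
    rng = random.Random(seed)  # deterministic so the example is repeatable
    return [1 if rng.random() < p_one else 0 for _ in range(n_bits)]


def bias(bits):
    """Fraction of one-bits; 0.5 means unbiased."""
    return sum(bits) / len(bits) if bits else 0.0


def von_neumann_extract(bits):
    """Von Neumann debiasing: read bits in pairs, emit 0 for 01, 1 for 10,
    discard 00 and 11.  For independent bits with any fixed bias, the output
    is exactly unbiased; throughput drops to 2*p*(1-p) of the input."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def bits_to_bytes(bits):
    """Pack whole groups of 8 bits, MSB first; leftover bits are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


class HmacDrbg:
    """Minimal HMAC-DRBG (SHA-256) in the shape of SP 800-90A: the CSPRNG
    stage that sits after conditioning.  Same seed -> same output stream,
    which is why the seed must come from an uncontrolled physical source."""

    def __init__(self, seed_material):
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self._update(seed_material)

    def _update(self, data):
        self.K = hmac.new(self.K, self.V + b"\x00" + data, hashlib.sha256).digest()
        self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
        if data:
            self.K = hmac.new(self.K, self.V + b"\x01" + data, hashlib.sha256).digest()
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()

    def generate(self, n):
        out = b""
        while len(out) < n:
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
            out += self.V
        self._update(b"")  # backtrack resistance: refresh state after output
        return out[:n]


def key_material_from_source(raw_bits, n_bytes=32):
    """HWRNG --> debias --> condition --> CSPRNG --> key bytes."""
    debiased = von_neumann_extract(raw_bits)
    # Conditioning: fold all extractor output into one fixed-size seed,
    # the role the /dev/random pool mixing plays on a GNU/Linux host.
    seed = hashlib.sha256(bits_to_bytes(debiased)).digest()
    return HmacDrbg(seed).generate(n_bytes)


if __name__ == "__main__":
    raw = biased_source(20000)
    clean = von_neumann_extract(raw)
    print("raw bias     :", round(bias(raw), 3), "bits:", len(raw))
    print("debiased bias:", round(bias(clean), 3), "bits:", len(clean))
    print("key material :", key_material_from_source(raw).hex())
```

The extractor keeps only about 37% of the input bits for a 0.75-biased source, which is why hardware designs put a CSPRNG behind the extractor: the conditioned seed is small, but the DRBG stretches it to as many bytes as the key generator asks for. Chaining a second DRBG (the host's /dev/random, then libgcrypt's own) does not lose the entropy that entered the first stage; it only adds another state that an attacker would have to control.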