AW: Key generation with GPGME and GnuPG hangs at gpgme_op_genkey

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jan 26 19:30:13 CET 2016


On Tue 2016-01-26 06:02:09 -0500, Sandra Schreiner wrote:
 [ Robert J. Hansen wrote: ] 
>> Are you getting periodic messages about "Not enough random bytes
>> available.  Please do some other work to give the OS a chance to
>> collect more entropy! (Need 167 more bytes)" or something like that?
>
> Yes. You are right. These messages appear often.

You said that you are running in a Jessie VM.  Depending on the type of
VM, it's possible that there are few events that are feeding the
kernel's entropy pool (no virtualized hardware or software or anything
similar).  GnuPG relies on the kernel's entropy to initialize the key
generation process, and it consumes rather a lot of it.

I don't know what kind of virtualization you're using, so i have no
concrete suggestions for how you could increase the entropy in the VM
you're using, other than the usual tricks of typing into the keyboard and
wiggling the mouse.

You can see the state of the Linux kernel's entropy by looking at the
contents of the file /proc/sys/kernel/random/entropy_avail -- if that is
staying close to 0, it's likely that this is the problem.

For testing purposes only, you might be interested in using the
--debug-quick-random flag, which would avoid waiting on the kernel's
blocking RNG.


I note that you're passing the root of the filesystem as your preferred
CONFIG_DIR:

      const char * CONFIG_DIR = "/";

This might be a mistake, because it's unlikely that a normal user can
write to the root directory, and you almost certainly don't *want* to
use the root directory as your gpg config dir.

gpgme_set_engine_info() accepts NULL as the HOME_DIR parameter, which
asks for the engine's default homedir to be used.

> Moreover I noticed that GPGME 1.5 may be outdated. I saw that e.g. the
> mode GPGME_EXPORT_MODE_SECRET is missing for exporting private
> keys. Therefore I would like to update GnuPG and GPGME together. Sadly
> there is no new version of them available in the debian package
> manager. How can I manage to update them? I found the tarball of GPGME
> 1.6 but don't know which version of GnuPG would match this GPGME
> version.

gpgme and gnupg are not intentionally tightly coupled.  I wouldn't try
to update them until you've figured out what's going on here.

If the delay is still happening for you even with a system with entropy
available, you might also try looking at the process table to see what
is going on -- if there's a backgrounded gpg or gpg2 process, you could
try attaching to it with strace ("strace -p $PID", where $PID is the
process ID of the gpg process) to see what it's doing.

hth,

        --dkg
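
Added example, not part of the original message and not GPGME or GnuPG code: a libc-only pre-flight check a caller could run before gpgme_op_genkey(), covering the two points above (the entropy_avail estimate and an unsuitable homedir such as "/"). The function names, the return codes, the 200-bit threshold and the homedir policy are assumptions of this example; a NULL homedir means "use the engine's default" and is not checked.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Kernel entropy estimate in bits, or -1 if unreadable or unparsable. */
long read_entropy_avail(const char *path)
{
    FILE *f = fopen(path, "r");
    long bits = -1;
    if (f == NULL)
        return -1;
    if (fscanf(f, "%ld", &bits) != 1 || bits < 0)
        bits = -1;
    fclose(f);
    return bits;
}

/* 1 if dir is a directory other than "/", owned by the current user, writable,
 * and closed to group and others; 0 otherwise. Policy chosen for this example. */
int homedir_usable(const char *dir)
{
    struct stat st;
    if (dir == NULL || strcmp(dir, "/") == 0)
        return 0;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != geteuid() || (st.st_mode & 077) != 0)
        return 0;
    return access(dir, W_OK | X_OK) == 0;
}

/* 0 = ok, 1 = entropy below min_bits (key generation may block),
 * 2 = homedir unsuitable, -1 = entropy estimate unavailable. */
int genkey_preflight(const char *entropy_path, long min_bits, const char *homedir)
{
    long bits = read_entropy_avail(entropy_path);
    if (bits < 0) return -1;
    if (bits < min_bits) return 1;
    if (homedir != NULL && !homedir_usable(homedir)) return 2;
    return 0;
}

int main(int argc, char **argv)
{
    /* 200 is an arbitrary threshold for illustration, not a GnuPG value. */
    int rc = genkey_preflight("/proc/sys/kernel/random/entropy_avail", 200,
                              argc > 1 ? argv[1] : NULL);
    printf("preflight result: %d\n", rc);
    return rc != 0;
}
```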


