WKS server problems

Phil Pennock gnupg-users at spodhuis.org
Sun Mar 22 04:17:19 CET 2020


On 2020-03-21 at 23:30 +0000, Andrew Gallagher wrote:
> I'm trying to follow the WKS instructions from the wiki[1] on a remote
> VM, but it hangs at the key generation stage:
[...]
> gpg (GnuPG) 2.2.4

Is this a newly created VM?  Can you not use the opportunity of "nothing
else on the system which needs to be left untouched" to install newer
GnuPG?

GnuPG 2.2.4 is from 2017, there have been many fixes and security
improvements since then.

Besides, 2.2.14 is the first version with WKS support.  Is that what you
meant?

Please, for new VMs just install the latest version from whatever
backports / compatibility package repository your OS distribution uses.

> key-submission at keys1:~$ gpg --passphrase '' --batch --quick-gen-key
> "$SUBMISSION_ADDRESS"

> Any idea what's going on?

Assuming Linux:

For such an old GnuPG release, assuming an equally old libgcrypt, my
best guess is that it's trying to use /dev/random for entropy and
blocking, since /dev/urandom isn't safe (for key generation) on Linux.

    cat /proc/sys/kernel/random/entropy_avail

Newer GnuPG / libgcrypt use better system calls (getentropy/getrandom)
which are still safe but which don't use calls which cause Linux to get
its knickers in a twist about too many calls for entropy.

-Phil



More information about the Gnupg-users mailing list