GPG key pairs and broken random number generation
Generate a gpg keypair
$ gpg --gen-key
    gpg: directory `/home/user/.gnupg' created
    gpg: new configuration file `/home/user/.gnupg/gpg.conf' created
    gpg: WARNING: options in `/home/user/.gnupg/gpg.conf' are not yet active during this run
    gpg: keyring `/home/user/.gnupg/secring.gpg' created
    gpg: keyring `/home/user/.gnupg/pubring.gpg' created
    Please select what kind of key you want:
       (1) DSA and Elgamal (default)
       (2) DSA (sign only)
       (5) RSA (sign only)
    Your selection?
    DSA keypair will have 1024 bits.
    ELG-E keys may be between 1024 and 4096 bits long.
    What keysize do you want? (2048)
    Requested keysize is 2048 bits
    Please specify how long the key should be valid.
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
    Key is valid for? (0)
Then you'll need to enter your name, email address, and a comment.
If key generation reaches the random number generation step and just hangs there, hit ctrl-c:
    Not enough random bytes available.  Please do some other work to give
    the OS a chance to collect more entropy! (Need 283 more bytes)

    gpg: Interrupt caught ... exiting
Check /dev/random to make sure you're getting some output. If nothing appears on standard output when you run the dd command below, hit ctrl-c and you will see 0+1 records in and 0+0 records out. This means there is a problem with your /dev/random device.
$ dd if=/dev/random
    0+1 records in
    0+0 records out
My fix for this was to use urandom in place of a hardware random device. /dev/hw_random does not exist on this machine, so I just went with pseudo-random instead. To do this, you'll need the rng-utils package installed. After doing this, test again with dd to make sure you get garbage sent to standard output; then go back and retry creating the keys. You should have no problem getting entropy.
$ sudo /sbin/rngd -r /dev/urandom -o /dev/random
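A scripted version of the checks above, as an added example that is not part of the original post: it reads the kernel's entropy estimate, repeats the post's `dd if=/dev/random` test with a timeout so it cannot hang the shell, and reports whether the rngd workaround is active. It assumes a Linux host (for /proc/sys/kernel/random/entropy_avail) with the coreutils `timeout` and `dd` commands; the 2048-bit threshold and 5-second window are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original post: a pre-flight check to run
# before `gpg --gen-key` on a host that has previously stalled waiting
# for entropy. Assumes Linux and coreutils (timeout, dd).

ENTROPY_FILE=/proc/sys/kernel/random/entropy_avail

# entropy_ok THRESHOLD [FILE]
# Returns 0 when the kernel's entropy estimate (in bits) read from FILE
# is at least THRESHOLD, 1 when it is below, 2 when FILE is unreadable.
entropy_ok() {
    threshold=$1
    file=${2:-$ENTROPY_FILE}
    [ -r "$file" ] || return 2
    avail=$(tr -dc '0-9' < "$file")
    [ -n "$avail" ] || return 2
    [ "$avail" -ge "$threshold" ]
}

# random_responsive SECONDS [DEVICE]
# Returns 0 if DEVICE (default /dev/random) yields 32 bytes within
# SECONDS. This is the post's dd test with a timeout: a device that
# blocks for the whole window is the symptom the post describes.
random_responsive() {
    secs=$1
    dev=${2:-/dev/random}
    got=$(timeout "$secs" dd if="$dev" bs=32 count=1 2>/dev/null | wc -c | tr -d ' ')
    [ "$got" = 32 ]
}

# rngd_feeds_urandom
# Returns 0 if an rngd process is running with /dev/urandom as its
# source, i.e. the post's workaround is active. In that state the
# estimate is refilled from the kernel's own PRNG, so a high
# entropy_avail no longer measures hardware entropy.
rngd_feeds_urandom() {
    ps -eo args 2>/dev/null | grep -v grep | grep -q 'rngd.*-r */dev/urandom'
}

# preflight: print a short verdict before starting key generation.
preflight() {
    if entropy_ok 2048; then
        echo "entropy_avail >= 2048 bits"
    else
        echo "entropy_avail below 2048 bits (or unreadable): gpg --gen-key may stall"
    fi
    if random_responsive 5; then
        echo "/dev/random returned data within 5s"
    else
        echo "/dev/random blocked for 5s: same symptom as the post's dd test"
    fi
    if rngd_feeds_urandom; then
        echo "note: rngd is feeding /dev/urandom into /dev/random; entropy_avail is not a hardware-entropy measure here"
    fi
}

if [ "${1:-}" = "--run" ]; then
    preflight
fi
```

Run it as `sh preflight.sh --run` before `gpg --gen-key`. The `rngd_feeds_urandom` line is the practical point for a defender: once rngd is piping /dev/urandom into /dev/random, the entropy counter will always look healthy, so it stops being evidence about the quality of the seed material and the key-generation host should be judged on whether its /dev/urandom was properly seeded at boot instead.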
Export the public key
$ gpg --armor --output brokey.gpg --export admica@rootninja.com
Copy /home/user/.gnupg/brokey.gpg to the bro host and import it.
$ gpg --import brokey.gpg
    gpg: key 047E07CD: public key "Fname Lname (admica) <user@host.com>" imported
    gpg: Total number processed: 1
    gpg:               imported: 1
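The import above succeeds for any key file that happens to be in brokey.gpg, so the check a practitioner wants on the second host is that the fingerprint of the key now in the keyring matches the fingerprint read from `gpg --fingerprint` on the host that generated it. The following is an added example, not code from the original post: it assumes gpg is installed on the importing host, that the key ID is the one printed by `gpg --import` (047E07CD in the post's output), and that the expected fingerprint is passed in from out of band; the 40-hex-digit values in the comments are constructed placeholders, not real fingerprints.

```shell
#!/bin/sh
# Added example, not from the original post: confirm that an imported
# public key has the fingerprint you obtained out of band from the
# generating host. Assumes gpg is installed; KEYID is the short ID
# printed by `gpg --import`.

# normalize_fpr FPR
# Strips whitespace and upper-cases, so the grouped form printed by
# `gpg --fingerprint` ("0123 4567 ...") compares equal to the compact
# form from --with-colons ("01234567...").
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# fpr_matches A B: returns 0 if the two fingerprints are the same key.
fpr_matches() {
    [ "$(normalize_fpr "$1")" = "$(normalize_fpr "$2")" ]
}

# fingerprint_of KEYID
# Prints the primary-key fingerprint gpg holds for KEYID, using the
# machine-readable --with-colons layout (field 10 of the "fpr" record).
fingerprint_of() {
    gpg --batch --with-colons --fingerprint "$1" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# verify_imported KEYID EXPECTED_FPR
# Returns 0 when the key in the keyring matches EXPECTED_FPR; otherwise
# prints both values and returns 1 so the caller can refuse to use it.
verify_imported() {
    keyid=$1
    expected=$2
    actual=$(fingerprint_of "$keyid")
    if [ -z "$actual" ]; then
        echo "no key $keyid in keyring" >&2
        return 1
    fi
    if fpr_matches "$actual" "$expected"; then
        echo "key $keyid fingerprint verified"
        return 0
    fi
    echo "FINGERPRINT MISMATCH for $keyid" >&2
    echo "  expected: $(normalize_fpr "$expected")" >&2
    echo "  actual:   $(normalize_fpr "$actual")" >&2
    return 1
}

# Usage (constructed placeholder fingerprint, not a real key):
#   sh verify_key.sh 047E07CD "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"
if [ $# -eq 2 ]; then
    verify_imported "$1" "$2"
fi
```

Read the expected fingerprint from `gpg --fingerprint admica@rootninja.com` on the generating host and carry it over by a path other than the one the key file took (a phone call, a ticket, a console session); comparing the fingerprint against a value that arrived alongside brokey.gpg proves nothing.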