[Discuss] How do I add entropy?

Edward Ned Harvey (blu) blu at nedharvey.com
Sun Sep 7 11:01:12 EDT 2014


> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-bounces+blu=nedharvey.com at blu.org] On Behalf Of Bill Horne
> 
> With the key signing coming up, I set out to generate a brand new, 4096-bit
> RSA key.
> 
> However, GPG says I need more entropy, 

BTW, how are you generating your key?  Because knowing what I know now, the only thing I trust anymore is to use tinhatrandom as the random source, and use BouncyCastle to generate the RSA key based on that random source.  But this would be rather low-level programmatic.

Another, easier approach I would trust is:  First of all, verify that you know where openssl stores its seed.  
	ls ~/.rnd
	It exists?  Good, that's probably it.
	rm ~/.rnd
	openssl genrsa -out private.pem 3072 && rm private.pem
	ls ~/.rnd
	It exists again?  Good, that means your openssl command regenerated it, so you've definitely found your .rnd file

You can simply append randomness onto that file.  Collect random bytes from other computers, using tinhatrandom, etc., and append those bytes onto the ~/.rnd file.

And then generate an RSA 3072 key.
	openssl genrsa -out private.pem 3072
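
Added example, not part of the original message: a shell helper for the append step above that stages the collected bytes, rejects a short read or a symlinked seed file, and leaves the seed file mode 600. The function names and `collected.bin` are hypothetical, and it assumes an OpenSSL build that reads `~/.rnd` as the post describes.

```shell
#!/bin/sh
# Added example: append externally collected random bytes to an OpenSSL seed file.
# Assumption: the OpenSSL build in use reads ~/.rnd, as the post describes.

# seed_size FILE -> prints the size of FILE in bytes
seed_size() { wc -c < "$1" | tr -d ' '; }

# append_seed SEEDFILE SOURCE NBYTES
# Appends exactly NBYTES from SOURCE to SEEDFILE; non-zero return on any problem.
append_seed() {
    seed=$1 src=$2 want=$3

    # NBYTES must be a plain non-negative integer.
    case $want in ''|*[!0-9]*) echo "append_seed: bad byte count" >&2; return 1 ;; esac

    # Refuse a symlinked seed file: the append would land wherever the link points.
    if [ -L "$seed" ]; then
        echo "append_seed: $seed is a symlink, refusing" >&2
        return 1
    fi
    if [ ! -r "$src" ]; then
        echo "append_seed: cannot read $src" >&2
        return 1
    fi

    # Stage the bytes in a private temp file so a short read is caught
    # before the seed file is modified.
    old_umask=$(umask); umask 077
    tmp=$(mktemp) || { umask "$old_umask"; return 1; }
    head -c "$want" "$src" > "$tmp"
    got=$(seed_size "$tmp")
    if [ "$got" -ne "$want" ]; then
        echo "append_seed: wanted $want bytes, source gave $got" >&2
        rm -f "$tmp"; umask "$old_umask"
        return 1
    fi

    cat "$tmp" >> "$seed"
    rm -f "$tmp"
    chmod 600 "$seed"      # seed material should be readable by the owner only
    umask "$old_umask"
    return 0
}

# Usage (collected.bin is a hypothetical file of bytes gathered elsewhere):
#   append_seed "$HOME/.rnd" collected.bin 256
#   openssl genrsa -out private.pem 3072
```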


