Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] How do I add entropy?



> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Bill Horne
> 
> With the key signing coming up, I set out to generate a brand new, 4096-bit
> RSA key.
> 
> However, GPG says I need more entropy, 

BTW, how are you generating your key?  Because knowing what I know now, the only thing I trust anymore is to use tinhatrandom as the random source, and use BouncyCastle to generate the RSA key based on that random source.  But this would be rather low-level programmatic.

Another, easier approach I would trust is:  First of all, verify that you know where openssl stores its seed.  
	ls ~/.rnd
	It exists?  Good, that's probably it.
	rm ~/.rnd
	openssl genrsa -out private.pem 3072 && rm private.pem
	ls ~/.rnd
	It exists again?  Good, that means your openssl command regenerated it, so you've definitely found your .rnd file

You can simply append randomness onto that file.  Collect random bytes from other computers, using tinhatrandom, etc, and append those bytes onto the ~/.rnd file.

And then generate an RSA 3072 key.
	openssl genrsa -out private.pem 3072
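
The append step described in the message above, as an added example that is not part of the original post. The function name `append_seed` and the sample file names are hypothetical; that OpenSSL reads the seed file is taken from the post. It keeps the seed file private (mode 600) and refuses to write through a symlink, since the file is secret key-generation input.

```shell
#!/bin/sh
# Added example: append externally collected random bytes to a seed file
# such as ~/.rnd, then report how many bytes were added.
#
# Usage: append_seed SEEDFILE SOURCE [SOURCE...]
#   e.g. append_seed "$HOME/.rnd" hostA.bin hostB.bin   (hypothetical files)
append_seed() {
    seed=$1
    shift

    # Appending through a symlink could write somewhere unintended.
    if [ -L "$seed" ]; then
        echo "refusing: $seed is a symlink" >&2
        return 1
    fi

    # Create the file if needed and make sure only the owner can read it.
    old_umask=$(umask)
    umask 077
    : >> "$seed"
    chmod 600 "$seed"
    umask "$old_umask"

    before=$(($(wc -c < "$seed")))
    added=0
    for src in "$@"; do
        if [ ! -r "$src" ]; then
            echo "skipping unreadable source: $src" >&2
            continue
        fi
        n=$(($(wc -c < "$src")))
        if [ "$n" -eq 0 ]; then
            echo "skipping empty source: $src" >&2
            continue
        fi
        cat "$src" >> "$seed" || return 1
        added=$((added + n))
    done

    # Confirm the file grew by exactly the number of bytes appended.
    after=$(($(wc -c < "$seed")))
    if [ "$added" -eq 0 ] || [ "$after" -ne $((before + added)) ]; then
        echo "nothing appended or size mismatch for $seed" >&2
        return 1
    fi
    echo "$added"
}
```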



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org