Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] How do I add entropy?

> From: at [mailto:discuss-
> at] On Behalf Of Bill Horne
> With the key signing coming up, I set out to generate a brand new, 4096-bit
> RSA key.
> However, GPG says I need more entropy, 

BTW, how are you generating your key?  Because knowing what I know now, the only thing I trust anymore is to use tinhatrandom as the random source, and use BouncyCastle to generate the RSA key based on that random source.  But this would be rather low-level programatic.

Another, easier approach I would trust is:  First of all, verify that you know where openssl stores its seed.  
	ls ~/.rnd
	It exists?  Good, that's probably it.
	rm ~/.rnd
	openssl genrsa -out private.pem 3072 && rm private.pem
	ls ~/.rnd
	It exists again?  Good, that means your openssl command regenerated it, so you've definitely found your .rnd file

You can simply append randomness onto that file.  Collect random bytes from other computers, using tinhatrandom, etc, and append those bytes onto the ~/.rnd file.

And then generate an RSA 3072 key.
	openssl genrsa -out private.pem 3072

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /