Gpg key generation stuck at "Use keyboard or mouse to generate enough entropy"

I have been trying to generate a private key on a relatively fresh Manjaro install. The process gets stuck at the infamous “Generate enough entropy” message.

Whatever I try, the prime key generation hangs forever; I let it run for a few hours once just to make sure.

There are a lot of posts and tutorials about this. Many suggest haveged, rng-tools, or commands like find or cat /dev/urandom (which, by the way, forced me to do a hard reboot; I do not recommend it).

I did not try haveged because the ArchWiki haveged page recommends using rng-tools instead. I tried the testing commands for rngd from the ArchWiki rng-tools page:

  • rngtest -c 1000 </dev/random ends up with two failures, which is fine according to the wiki page
  • dd if=/dev/random of=/dev/null bs=1024 count=1 iflag=fullblock outputs exactly what the wiki page suggests for a successful test
  • sudo rngd -f, on the other hand, fails to initialize pkcs11:
Initializing available sources
[hwrng ]: Initialized
[rdrand]: Enabling RDSEED rng support
[rdrand]: Initialized
[jitter]: JITTER timeout set to 5 sec
[jitter]: Initializing AES buffer
[jitter]: Unable to obtain AES key, disabling JITTER source
[jitter]: Initialization Failed
[pkcs11]: PKCS11 Engine /usr/lib64/opensc-pkcs11.so Error: No such file or directory
[pkcs11]: Initialization Failed
[rtlsdr]: Initialization Failed

I checked with pacman, all related pkcs packages seem to be installed:

core/libp11-kit 0.25.0-1 [installed]
    Loads and enumerates PKCS#11 modules (library)
core/p11-kit 0.25.0-1 [installed]
    Loads and enumerates PKCS#11 modules
core/p11-kit-docs 0.25.0-1
    Loads and enumerates PKCS#11 modules (documentation)
extra/gnupg-pkcs11-scd 0.10.0-2 [installed]
    Smart-card daemon to enable the use of PKCS#11 tokens with GnuPG
extra/haskell-rsa 2.4.1-207
    Implementation of RSA, using the padding schemes of PKCS#1 v2.1.
extra/libp11 0.4.12-2 [installed]
    A library implementing a small layer on top of the PKCS11 API
extra/pkcs11-helper 1.29.0-2 [installed]
    A library that simplifies the interaction with PKCS11 providers for end-user
    applications using a simple API and optional OpenSSL engine
extra/python-python-pkcs11 0.7.0-6
    PKCS#11/Cryptoki support for Python
extra/softhsm 2.6.1-4
    Software PKCS#11 store
extra/tpm2-pkcs11 1.9.0-1
    PKCS#11 interface for Trusted Platform Module 2.0 hardware
multilib/lib32-p11-kit 0.25.0-1
    Loads and enumerates PKCS#11 modules (32-bit library)

I tried running a gpg key generation while:

  • running rngd -f in another terminal,
  • starting the rngd systemd service,
  • running commands like cat /dev/urandom.

Out of despair, I tried installing haveged, but the systemd service fails to start with the following error:
Entropy Daemon based on the HAVEGE algorithm was skipped because of an unmet condition check (ConditionKernelVersion=<5.6)
My kernel version is indeed 6.1.44-1-MANJARO (64-bit).

Finally, what comes up in every post I read is to run cat /proc/sys/kernel/random/entropy_avail to see how much entropy is available on the system. Since the start of my many attempts to raise that number, the output has invariably (and dishearteningly) been 256.

Based on what I understood from the wikis and posts, it is not only about successfully generating a key but about generating good-quality entropy so the generated keys are secure.

So I am not looking for a shortcut, but a “good” solution, as the ArchWiki states for example that running rngd -o /dev/random -r /dev/urandom is pointless, and I came across this advice a lot. I tried it anyway, and guess what? Still 256, and gpg (or gpg2, by the way) still hanging forever.

Thanks in advance for any advice, I most definitely need some help at this point.

PS: Sorry for the aesthetics, I cannot include links.

I assume you are familiar with these

After you installed rng-tools - did you enable the service?

sudo systemctl enable --now rngd.service

One could speculate whether it is a hardware-dependent issue?

I just tested on my system - I admit not a system you see everywhere - nonetheless:

 $ cat /proc/sys/kernel/random/entropy_avail 
256
 $ time gpg --quick-generate-key root.nix.dk
About to create a key for:
    "root.nix.dk"

Continue? (Y/n) 
gpg: A key for "root.nix.dk" already exists
Create anyway? (y/N) y
gpg: creating anyway
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: revocation certificate stored as '/home/fh/.gnupg/openpgp-revocs.d/DB7EDC2DFA2ADD3F5CBBD8036B593E525D742C9A.rev'
public and secret key created and signed.

pub   rsa3072/0x6B593E525D742C9A 2023-08-23 [SC] [expires: 2025-08-22]
      DB7EDC2DFA2ADD3F5CBBD8036B593E525D742C9A
uid                              root.nix.dk
sub   rsa3072/0x75717588178707C2 2023-08-23 [E]


real    0m49,494s
user    0m0,007s
sys     0m0,000s

From what I can read on the wiki, the default devices used by rngd are

  • for input /dev/hwrng (-r option)
  • for output /dev/random (-o option)

The Red Hat Knowledgebase recommends using rngd with

  • for input /dev/urandom (-r option)
  • for output /dev/random (-o option)

You could experiment with this by editing the drop-in config

/etc/conf.d/rngd
RNGD_OPTS="-r /dev/urandom -o /dev/random"

Although on my system it makes no difference - so sticking with the defaults as provided will likely be the best option.

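The reply above makes its checks by hand (kernel version, entropy_avail, a timed gpg run). As an added diagnostic, not code from the thread or from rng-tools, the same checks as a small POSIX shell script: it decides whether the running kernel is new enough for /dev/random to stop blocking once the CRNG is seeded (5.6, which is also the version haveged's unit file refuses to run on), whether a constant entropy_avail of 256 simply means the pool is full (poolsize reports 256 bits on 5.18 and later), and whether a bounded read from /dev/random actually returns. The /proc paths are the standard ones; the version strings in the comments are assumed sample input.

```shell
#!/bin/sh
# Added diagnostic helper; not part of the forum thread.
# It checks the conditions that matter for gpg on a modern kernel:
#   1. kernel >= 5.6: /dev/random no longer blocks once the CRNG is seeded,
#      so "waiting for entropy" can only happen very early after boot;
#   2. entropy_avail == poolsize: since 5.18 the pool is a fixed 256 bits,
#      so a constant 256 means "full", not "starved";
#   3. a bounded read from /dev/random returns promptly.

# kernel_at_least MAJOR MINOR [VERSION]: succeed if VERSION (default: the
# output of uname -r) is at least MAJOR.MINOR. Accepts distribution-style
# strings such as "6.1.44-1-MANJARO" (assumed sample input).
kernel_at_least() {
    want_major=$1; want_minor=$2
    v=${3:-$(uname -r)}
    v=${v%%-*}                      # drop "-1-MANJARO"
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    [ "$major" -gt "$want_major" ] ||
        { [ "$major" -eq "$want_major" ] && [ "$minor" -ge "$want_minor" ]; }
}

# entropy_state [AVAIL] [POOLSIZE]: print "full" when the pool is at
# capacity and "filling" otherwise. Without arguments the live values are
# read from /proc, so on a 5.18+ kernel "256/256" prints "full".
entropy_state() {
    avail=${1:-$(cat /proc/sys/kernel/random/entropy_avail)}
    pool=${2:-$(cat /proc/sys/kernel/random/poolsize)}
    if [ "$avail" -ge "$pool" ]; then echo full; else echo filling; fi
}

# crng_state: print "ready" if 32 bytes can be read from /dev/random within
# 5 seconds, "blocked" otherwise. A blocked read is the only genuine kernel
# entropy problem; a gpg process that sits at the "generate a lot of random
# bytes" message while this says "ready" is waiting on something else.
crng_state() {
    if command -v timeout >/dev/null 2>&1; then
        n=$(timeout 5 head -c 32 /dev/random 2>/dev/null | wc -c)
    else
        n=$(head -c 32 /dev/random 2>/dev/null | wc -c)
    fi
    n=$(echo "$n" | tr -d ' ')      # some wc implementations pad the count
    if [ "${n:-0}" -eq 32 ]; then echo ready; else echo blocked; fi
}

# entropy_report: one-screen summary to run before blaming the RNG.
entropy_report() {
    if kernel_at_least 5 6; then
        echo "kernel $(uname -r): /dev/random is non-blocking once seeded"
    else
        echo "kernel $(uname -r): legacy blocking /dev/random; rngd/haveged may help"
    fi
    echo "entropy pool: $(entropy_state)" \
        "($(cat /proc/sys/kernel/random/entropy_avail)/$(cat /proc/sys/kernel/random/poolsize) bits)"
    echo "crng: $(crng_state)"
}
```

Source the file and run entropy_report. If it reports "full" and "ready", nothing rngd or haveged can add will change gpg's behaviour, and the next thing to suspect is GnuPG's own setup (agent, pinentry, homedir permissions) rather than the kernel.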

Thanks for the help @linux-aarhus.

  1. I am familiar with the haveged page. As I described in my post, the service does not start apparently because of a kernel compatibility issue.
  2. I just read the “random number generation” page, I now know I do not have to worry about the 256 bits of available entropy, and that /dev/random is the way to go. Not sure how I can use this info though.
  3. I had not enabled the rngd systemd service after installing it, but I had started it successfully. It is enabled now, and I have been running another generation test that is still hanging (it’s been a good 15 minutes now).

Maybe I should specify regarding the test you kindly performed that I am trying to generate a key compatible with an OnlyKey device. So I am running gpg --expert --full-gen-key and trying to generate a key type ECC and ECC (9) and elliptic curve 25519 (1) if that makes any difference.

About RNGD_OPTS, I cannot post links, but the Rng-tools ArchWiki page features a big warning about not using: RNGD_OPTS="-o /dev/random -r /dev/urandom"

I know - I don’t use it - I mention it because Red Hat recommends it - I specifically said experiment with it - and it is not my recommendation.

In case of contradictions - I prefer to stick with Arch Wiki …

 $ time gpg --expert --full-gen-key
gpg (GnuPG) 2.2.41; Copyright (C) 2022 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card
Your selection? 9
Please select which elliptic curve you want:
   (1) Curve 25519
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Your selection? 1
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at tor 22 aug 2024 12:27:40 CEST
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: root
Email address: root@localhost
Comment: test key ecc 25519
You selected this USER-ID:
    "root (test key ecc 25519) <root@localhost>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: revocation certificate stored as '/home/fh/.gnupg/openpgp-revocs.d/1515552A3317566279BF143539CB3495B1B8803B.rev'
public and secret key created and signed.

pub   ed25519/0x39CB3495B1B8803B 2023-08-23 [SC] [expires: 2024-08-22]
      1515552A3317566279BF143539CB3495B1B8803B
uid                              root (test key ecc 25519) <root@localhost>
sub   cv25519/0x6AF039EC11D3C8D6 2023-08-23 [E] [expires: 2024-08-22]


real    1m30,321s
user    0m0,013s
sys     0m0,005s

I just tested creating a key like you were trying - it took a little longer - due to me not creating identical passwords.

The stronger the key you generate, the longer it will take, depending on your hardware.

You have provided no info about your hardware - so I am speculating that your hardware is the bottleneck.

As I am no expert, I try to follow the same rule.

At first, I thought it was something not present, or not activated somewhere blocking entropy generation, but thanks to your link, I now understand the 256 is nothing to worry about. My hardware is not in its prime, but not an antiquity yet (I hope at least).

My graphics processor is Mesa Intel® HD Graphics 530, and I ran lscpu, and left what seems relevant.

Architecture:                       x86_64
CPU op-mode(s):                     32-bit, 64-bit
Address sizes:                      39 bits physical, 48 bits virtual
Byte Order:                         Little Endian
CPU(s):                             8
On-line CPU(s) list:                0-7
Vendor ID:                          GenuineIntel
Model name:                         Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
CPU family:                         6
Model:                              94
Thread(s) per core:                 2
Core(s) per socket:                 4
Socket(s):                          1
Stepping:                           3
CPU(s) scaling MHz:                 68%
CPU max MHz:                        3500.0000
CPU min MHz:                        800.0000
BogoMIPS:                           5202.65
Virtualization:                     VT-x
L1d cache:                          128 KiB (4 instances)
L1i cache:                          128 KiB (4 instances)
L2 cache:                           1 MiB (4 instances)
L3 cache:                           6 MiB (1 instance)
NUMA node(s):                       1
NUMA node0 CPU(s):                  0-7

Just to make sure I am not messing up anything. The usual way should be:

  1. install rng-tools
  2. enable (and start) rng systemd service
  3. generate a key

I mean, there is nothing I am supposed to run in another terminal or anything else I am missing?

My last attempt at generating a key with rngd.service enabled is still running btw. I tried checking the service status, everything looks fine except the same error described in my first post with rngd -f about pkcs11. It looks like this in systemd status:

rngd[67735]: [pkcs11]: PKCS11 Engine /usr/lib64/opensc-pkcs11.so Error: No such file or directory

Another thing I find unusual is that when the gpg process is hanging at the entropy generation message, there is no increase in CPU usage… When I usually encrypt something with a program like VeraCrypt, for example, I can hear the fan go wild and the computer work hard.

Don’t you think that I would have some kind of sign of hard work, or CPU saturation, if the hardware were the bottleneck?

Install the opensc optional dependency package

sudo pacman -Syu opensc

then try

rngtest -t 10 < /dev/urandom

It will provide output like

 $ rngtest -t 30 < /dev/urandom
rngtest 6.16
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 8924920032
rngtest: FIPS 140-2 successes: 445860
rngtest: FIPS 140-2 failures: 386
rngtest: FIPS 140-2(2001-10-10) Monobit: 50
rngtest: FIPS 140-2(2001-10-10) Poker: 46
rngtest: FIPS 140-2(2001-10-10) Runs: 155
rngtest: FIPS 140-2(2001-10-10) Long run: 138
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=866.977; avg=4391.599; max=4768.372)Mibits/s
rngtest: FIPS tests speed: (min=163.021; avg=303.634; max=312.680)Mibits/s
rngtest: Program run time: 30000041 microseconds
rngtest: bits received from input: 17855920032
rngtest: FIPS 140-2 successes: 892088
rngtest: FIPS 140-2 failures: 708
rngtest: FIPS 140-2(2001-10-10) Monobit: 90
rngtest: FIPS 140-2(2001-10-10) Poker: 92
rngtest: FIPS 140-2(2001-10-10) Runs: 280
rngtest: FIPS 140-2(2001-10-10) Long run: 251
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=866.977; avg=4391.919; max=4768.372)Mibits/s
rngtest: FIPS tests speed: (min=112.861; avg=303.743; max=312.680)Mibits/s
rngtest: Program run time: 60000084 microseconds
rngtest: bits received from input: 26786980032
rngtest: FIPS 140-2 successes: 1338299
rngtest: FIPS 140-2 failures: 1050
rngtest: FIPS 140-2(2001-10-10) Monobit: 130
rngtest: FIPS 140-2(2001-10-10) Poker: 127
rngtest: FIPS 140-2(2001-10-10) Runs: 410
rngtest: FIPS 140-2(2001-10-10) Long run: 389
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=866.977; avg=4392.048; max=4768.372)Mibits/s
rngtest: FIPS tests speed: (min=112.861; avg=303.780; max=317.891)Mibits/s
rngtest: Program run time: 90000121 microseconds
rngtest: bits received from input: 35750040032
rngtest: FIPS 140-2 successes: 1786118
rngtest: FIPS 140-2 failures: 1384
rngtest: FIPS 140-2(2001-10-10) Monobit: 184
rngtest: FIPS 140-2(2001-10-10) Poker: 176
rngtest: FIPS 140-2(2001-10-10) Runs: 525
rngtest: FIPS 140-2(2001-10-10) Long run: 507
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=829.282; avg=4396.598; max=4768.372)Mibits/s
rngtest: FIPS tests speed: (min=112.861; avg=304.068; max=317.891)Mibits/s
rngtest: Program run time: 120000175 microseconds
rngtest: bits received from input: 44680120032
rngtest: FIPS 140-2 successes: 2232293
rngtest: FIPS 140-2 failures: 1713
rngtest: FIPS 140-2(2001-10-10) Monobit: 242
rngtest: FIPS 140-2(2001-10-10) Poker: 217
rngtest: FIPS 140-2(2001-10-10) Runs: 645
rngtest: FIPS 140-2(2001-10-10) Long run: 620
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=681.196; avg=4395.688; max=4768.372)Mibits/s
rngtest: FIPS tests speed: (min=112.861; avg=304.018; max=317.891)Mibits/s
rngtest: Program run time: 150000198 microseconds
^Crngtest: bits received from input: 49587540032
rngtest: FIPS 140-2 successes: 2477473
rngtest: FIPS 140-2 failures: 1904
rngtest: FIPS 140-2(2001-10-10) Monobit: 264
rngtest: FIPS 140-2(2001-10-10) Poker: 245
rngtest: FIPS 140-2(2001-10-10) Runs: 711
rngtest: FIPS 140-2(2001-10-10) Long run: 695
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=515.500; avg=4395.876; max=4768.372)Mibits/s
rngtest: FIPS tests speed: (min=112.861; avg=304.020; max=317.891)Mibits/s
rngtest: Program run time: 166473917 microseconds

[...]

I cannot make sense of it, but I think there is something wrong with my gpg setup somehow.
Anything that has to do with private keys hangs forever …

I have the Proton Mail private key file I exported earlier. I am trying to import it with gpg or gpg2:

  • gpg --import key.asc: public key immediately imported according to output, then it hangs
  • gpg -k shows the public key
  • gpg -K outputs nothing, hangs until I interrupt it.

I am working on a fresh install that is two weeks old, and I just did some basic configuration work on it like rclone, borg, systemd mounts… Do you have any idea why that would happen?

gpg2 is a symlink to gpg - so results will be the same.

Proton Mail is using ed25519@4096 if I recall correctly - of course it depends on what you choose when generating the key - but it is the recommended type.

Next to none …

Force correct permissions onto your .gnupg folder

chmod 700 ~/.gnupg
cd ~/.gnupg
find . -type f | sudo xargs -d'\n' chmod 600
find . -type d | sudo xargs -d'\n' chmod 700

You could start from scratch

rm -rf ~/.gnupg

Running rngtest as root using /dev/hwrng produces a slower result but zero failures:

 # rngtest -t 30 < /dev/hwrng
rngtest 6.16
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 1980032
rngtest: FIPS 140-2 successes: 99
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=62.592; avg=64.343; max=64.547)Kibits/s
rngtest: FIPS tests speed: (min=103.660; avg=120.089; max=156.340)Mibits/s
rngtest: Program run time: 30067197 microseconds
rngtest: bits received from input: 3960032
rngtest: FIPS 140-2 successes: 198
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=62.592; avg=64.353; max=64.650)Kibits/s
rngtest: FIPS tests speed: (min=103.660; avg=120.553; max=156.340)Mibits/s
rngtest: Program run time: 60124992 microseconds
rngtest: bits received from input: 5940032
rngtest: FIPS 140-2 successes: 297
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=62.592; avg=64.340; max=64.650)Kibits/s
rngtest: FIPS tests speed: (min=103.660; avg=123.371; max=227.065)Mibits/s
rngtest: Program run time: 90204959 microseconds
rngtest: bits received from input: 7920032
rngtest: FIPS 140-2 successes: 396
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=62.592; avg=64.348; max=64.650)Kibits/s
rngtest: FIPS tests speed: (min=103.660; avg=121.016; max=227.065)Mibits/s
rngtest: Program run time: 120259380 microseconds
^Crngtest: bits received from input: 8760032
rngtest: FIPS 140-2 successes: 438
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=62.592; avg=64.346; max=64.650)Kibits/s
rngtest: FIPS tests speed: (min=103.660; avg=122.522; max=227.065)Mibits/s
rngtest: Program run time: 133017172 microseconds

Thank you very much for all your help. Thanks to all the logs and links, I could understand that there was nothing wrong with my system, and looking at the outputs you posted, I could see that every hanging command did involve private keys, sure, but the hang was happening right before the password prompt was supposed to appear.

All the modifications I had done lately to get this security key to work had simply messed up my pinentry setting, so gpg did not know how to prompt for a password and kept hanging instead of throwing an error.

Thanks again, I would still be cursing at my laptop without your help, I really appreciate it.

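The OP's final finding was that gpg was hanging before the passphrase prompt, not on the kernel RNG. As an added example, not code from the thread or from GnuPG, this POSIX shell script separates the two: gen_test_key generates the same Ed25519/Curve25519 pair the OP was after, unattended in a throwaway GNUPGHOME so that no pinentry is ever launched, and pinentry_check validates the pinentry-program line of a gpg-agent.conf, the setting that was broken here. The parameter-file keywords are GnuPG's documented unattended-generation ones; the name and address in it, and any path handed to pinentry_check, are constructed test values.

```shell
#!/bin/sh
# Added example; not code from the thread. It separates the kernel RNG from
# GnuPG's passphrase prompt (pinentry), which is where the OP's gpg was
# really stuck.
#   gen_test_key    generates an ed25519/cv25519 pair unattended in a
#                   throwaway GNUPGHOME; no pinentry is involved, so if it
#                   returns in seconds the RNG is fine.
#   pinentry_check  validates the pinentry-program line of a gpg-agent.conf.

# Print a GnuPG unattended-key-generation parameter file (the format from
# the "Unattended GPG key generation" section of the GnuPG manual) for an
# Ed25519 signing key with a Curve25519 encryption subkey, i.e. the
# "ECC and ECC / Curve 25519" choice of --full-gen-key. Name and address
# are constructed test values.
keygen_params() {
    cat <<'EOF'
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
Name-Real: entropy test
Name-Email: test@example.invalid
Expire-Date: 1y
%no-protection
%commit
EOF
}

# Generate the key in a private temporary GNUPGHOME and print its
# fingerprint. Exit status 2 means gpg is not installed; any other
# non-zero status is gpg's own (124 if the bounded run timed out).
gen_test_key() {
    command -v gpg >/dev/null 2>&1 || return 2
    home=$(mktemp -d) || return 1
    chmod 700 "$home"                       # gpg refuses unsafe homedirs
    keygen_params > "$home/params"
    rc=0
    if command -v timeout >/dev/null 2>&1; then
        GNUPGHOME="$home" timeout 120 gpg --batch --pinentry-mode loopback \
            --generate-key "$home/params" >/dev/null 2>&1 || rc=$?
    else
        GNUPGHOME="$home" gpg --batch --pinentry-mode loopback \
            --generate-key "$home/params" >/dev/null 2>&1 || rc=$?
    fi
    if [ "$rc" -eq 0 ]; then
        # Machine-readable listing: the "fpr" record carries the
        # fingerprint in field 10.
        GNUPGHOME="$home" gpg --batch --with-colons --list-keys 2>/dev/null |
            awk -F: '$1 == "fpr" { print $10; exit }'
    fi
    GNUPGHOME="$home" gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$home"
    return "$rc"
}

# pinentry_check CONF: read pinentry-program from a gpg-agent.conf and
# print "ok" (executable found), "missing" (path set but not executable,
# the state in which gpg waits forever instead of failing), or "unset"
# (no such line; gpg-agent uses its compiled-in default).
pinentry_check() {
    conf=$1
    prog=$(awk '$1 == "pinentry-program" { print $2; exit }' "$conf" 2>/dev/null)
    if [ -z "$prog" ]; then
        echo unset
    elif [ -x "$prog" ]; then
        echo ok
    else
        echo missing
    fi
}
```

While an interactive gpg --full-gen-key appears stuck, run gen_test_key from another terminal: a fingerprint within seconds proves the RNG is not the bottleneck. Then run pinentry_check ~/.gnupg/gpg-agent.conf; after correcting the path, restart the agent with gpg-connect-agent reloadagent /bye (or gpgconf --kill gpg-agent) so it picks up the new setting, since a running agent keeps the old one.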

I would never have thought of that - I am glad you found it.
