Question
While attempting to generate GPG keys (using gpg --gen-key), it may hang after emitting the message:
Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 278 more bytes)
gpg (GnuPG) 1.4.16
Ubuntu 14.04.2 LTS
Answer 1:
Although rng-tools will work, this is not suggested since it doesn't provide real entropy. See the discussion here: https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/706011
For users that are frustrated by this, here are some things I found helpful on a server with no mouse/desktop.
1) Go through the process of creating the GPG key. If it hangs waiting for more entropy, go to the next step.
2) You can watch how much entropy your system has by opening a terminal and typing (this will look at that file every second):
watch -n1 cat /proc/sys/kernel/random/entropy_avail
3) Open a third terminal to generate your entropy. You can try various things to try to boost that entropy. Here are some things that I noticed increased the entropy sufficiently to make gpg work. Note that this was somewhat random (no pun intended). Sometimes doing something would increase the entropy; but when I do it again, it does not:
Get a large file from the internet
wget http://us1.php.net/get/php-7.2.2.tar.bz2/from/this/mirror
Do something that prints a lot of stuff to the terminal:
ls -R /
sudo find /folder/with/lots/of/files/ -type f | xargs grep 'simple string that shows up in lots of files'
4) If what you are doing does not increase the entropy_avail, then try something else.
Answer 2:
Edit: This advice should not be followed in general as it does not generate secure keys. See juacala's answer, or stackoverflow.com/questions/11708334 for details.
Turns out this is a known issue: https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/706011
I resolved it by installing rng-tools.
i.e. sudo apt-get install rng-tools
Then gpg --gen-key works as expected.
Answer 3:
sudo apt install haveged
That will install the haveged service, which collects entropy and fills /dev/random much more effectively. You don't need to run any additional commands after installing haveged; it will automatically start the service. Run systemctl status haveged to verify the service is running. You can also cat /dev/random to demonstrate that it can continuously provide values. In my test, gpg --gen-key completed in 10 seconds with haveged installed.
If you don't want to install anything, you can generate entropy in other ways, but it's much slower than haveged (about 10x slower in my tests). Run this in another terminal while gpg --gen-key is running:
while true; do
    # print entropy available
    cat /proc/sys/kernel/random/entropy_avail
    # write a 1 MB stream of zeros to /tmp/foo
    # "conv=fdatasync" flushes the disk cache
    dd bs=1M count=1 if=/dev/zero of=/tmp/foo conv=fdatasync
done
# one liner
while true; do cat /proc/sys/kernel/random/entropy_avail; dd bs=1M count=1 if=/dev/zero of=/tmp/foo conv=fdatasync; done
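Added example (not part of the original answers): a small shell helper for step 4 of Answer 1 and the dd loop in Answer 3, which reports how much a given command changed entropy_avail instead of judging it by eye. The function names and the ENTROPY_FILE override are assumptions of this sketch.

```bash
#!/bin/sh
# Added example, not from the original answers. ENTROPY_FILE is a
# hypothetical override used so the logic can be run against a constructed
# file; it defaults to the counter the answers read.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# Print the current estimate; fail if the file is unreadable or not a number.
read_entropy() {
    local value
    value=$(cat "$ENTROPY_FILE" 2>/dev/null) || return 1
    case "$value" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$value"
}

# entropy_delta CMD [ARGS...]
# Run CMD (its output goes to stderr, its exit status is ignored) and print
# "before after delta" on stdout.
entropy_delta() {
    local before after
    before=$(read_entropy) || { echo "cannot read $ENTROPY_FILE" >&2; return 2; }
    "$@" 1>&2 || true
    after=$(read_entropy) || return 2
    printf '%s %s %s\n' "$before" "$after" "$(($after - $before))"
}

# wait_for_entropy THRESHOLD [TIMEOUT_SECONDS]
# Poll once per second. Returns 0 when the estimate reaches THRESHOLD,
# 1 on timeout, 2 if the counter cannot be read.
wait_for_entropy() {
    local threshold timeout elapsed current
    threshold=$1
    timeout=${2:-60}
    elapsed=0
    while :; do
        current=$(read_entropy) || return 2
        [ "$current" -ge "$threshold" ] && return 0
        [ "$elapsed" -ge "$timeout" ] && return 1
        sleep 1
        elapsed=$((elapsed + 1))
    done
}

# Usage: entropy_delta ls -R /    or    wait_for_entropy 300 120
```

On kernels from 5.6 onward /dev/random no longer blocks once the pool is initialised, so this measurement matters mainly on older systems such as the Ubuntu 14.04 host in the question.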
Source: https://stackoverflow.com/questions/32941064/gpg-hangs-on-entropy-generation