GNU Privacy Guard, GPG for short, is a free open source tool that implements the OpenPGP specification. PGP is commonly used for the encryption and signing of emails and files.
A core part of the PGP system is the cryptographic keys. The gpg utility supports generating such cryptographic keys. In this tutorial, we’ll look at how to generate cryptographic keys quickly using gpg.
2. Generating Keys With gpg
To generate a pair of keys with gpg, we use the –gen-key option:
$ gpg --gen-key
First, it’ll prompt for your name and email. Then, once we supply the necessary inputs, it starts generating the key. Depending on how busy our computer is, the gpg utility might output a message like the one below:
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy!
To generate strong cryptographic keys, we need the ability to generate truly random bytes. Entropy is the measure of the randomness in the system. So, to generate strong cryptographic keys, we need to increase the entropy of the system. Let’s now see how to do this.
3. Increasing the Entropy
As seen earlier, generating strong cryptographic keys needs high entropy. So, when the system is low on entropy, it usually takes a very long time to generate the keys.
Increasing the entropy helps in generating these keys quickly. There are several ways to increase entropy. Here, we’ll see some of the options we have:
- Extensive GUI operations
- Extensive disk operations
- Use external processes
Importantly, we should do these operations while running the gpg command to generate the key. The entropy generated by these operations will be used by the gpg command. Now, let’s look at an example for each option above.
3.1. Extensive GUI Operations
First, let’s look at the GUI-based option. One way to achieve extensive GUI operations is to move the mouse rapidly. When we move the mouse rapidly, the UI has to render the mouse pointer in the UI just as rapidly. This generates randomness in the process.
However, this is the least preferred option as it involves effort from the user. Also, this approach assumes that the machine has GUI, which might not be the case on servers.
3.2. Extensive Disk Operations
Next, let’s look at the generating entropy using disk operations. When we do multiple random operations on the disk, the system entropy increases. One simple way to do extensive disk operations is using the find command. As mentioned earlier, we should run the find command alongside the gpg command that generates keys. Here’s an example:
find / > /dev/null
This command traverses from the root filesystem and lists every file and folder recursively.
However, we need to remember that this is a long-running command. So, once we generate enough entropy, we can kill this command using Ctrl + C.
3.3. External Process
While it is easy enough to generate randomness by running the find command, there are utilities that run as background daemons that do a better job. One such example is haveged.
It’s a daemon that generates randomness based on the HAVEGE algorithm. We can install haveged for the distribution of our choice, and it maintains the entropy of the system consistently, making it easy for utilities like gpg to make use of the randomness. Installing haveged is quite easy.
On Debian/Ubuntu, we can use the following commands to install haveged:
$ sudo apt update
$ sudo apt install haveged
Likewise, on Fedora/RHEL, we can do the following to install haveged:
$ dnf update
$ dnf install haveged
Once we install it, haveged runs as a daemon in the background automatically. No additional steps are needed.
In this article, we saw how to generate cryptographic keys with gpg and how it can take time due to the lack of randomness. We then saw the various ways by which we can increase the entropy.