> From: [email protected] [mailto:discuss-
> [email protected]] On Behalf Of Bill Horne
> 
> With the key signing coming up, I set out to generate a brand new, 4096-bit
> RSA key.
> 
> However, GPG says I need more entropy, 

BTW, how are you generating your key?  Because knowing what I know now, the 
only thing I trust anymore is to use tinhatrandom as the random source, and use 
BouncyCastle to generate the RSA key based on that random source.  But this 
would be rather low-level programatic.

Another, easier approach I would trust is:  First of all, verify that you know 
where openssl stores its seed.  
        ls ~/.rnd
        It exists?  Good, that's probably it.
        rm ~/.rnd
        openssl genrsa -out private.pem 3072 && rm private.pem
        ls ~/.rnd
        It exists again?  Good, that means your openssl command regenerated it, 
so you've definitely found your .rnd file

You can simply append randomness onto that file.  Collect random bytes from 
other computers, using tinhatrandom, etc, and append those bytes onto the 
~/.rnd file.

And then generate an RSA 3072 key.
        openssl genrsa -out private.pem 3072
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss

Reply via email to