> From: [email protected] [mailto:discuss-
> [email protected]] On Behalf Of Bill Horne
>
> With the key signing coming up, I set out to generate a brand new, 4096-bit
> RSA key.
>
> However, GPG says I need more entropy,
BTW, how are you generating your key? Because knowing what I know now, the
only thing I trust anymore is to use tinhatrandom as the random source, and use
BouncyCastle to generate the RSA key based on that random source. But this
would be rather low-level programatic.
Another, easier approach I would trust is: First of all, verify that you know
where openssl stores its seed.
ls ~/.rnd
It exists? Good, that's probably it.
rm ~/.rnd
openssl genrsa -out private.pem 3072 && rm private.pem
ls ~/.rnd
It exists again? Good, that means your openssl command regenerated it,
so you've definitely found your .rnd file
You can simply append randomness onto that file. Collect random bytes from
other computers, using tinhatrandom, etc, and append those bytes onto the
~/.rnd file.
And then generate an RSA 3072 key.
openssl genrsa -out private.pem 3072
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss