PGP: Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy

Question

Setup : Ubuntu Server on Virtual Machine with 6 cores and 3GB of RAM.

when I am trying to generate a asymmetric key pair via GPG like this gpg --gen-key . I get the following error :

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy!

I tried to google a little bit. This is what I realise , I need to fire up another terminal and type in cat /udev/random --> It randomly generates a series of randomly generated values to increase the entropy.

I dont see any change in here watch cat /proc/sys/kernel/random/entropy_avail

and it still persists to give me the same error

http://mailman.archlinux.org/pipermail/arch-general/2011-October/022273.html — ta.speot.is, Jul 29 '12 at 10:06
I tried to do `gpg --gen-key --no-use-agent` . It still does not work — user1524529, Jul 29 '12 at 10:36
I believe the "magic" that makes it work is `rngd -f -r /dev/urandom` — ta.speot.is, Jul 29 '12 at 12:14
you mean `rngd -f -r /dev/random` P.S: Ubuntu does not offer `urandom`. Only ArchLinux does — user1524529, Jul 29 '12 at 12:16
[The documentation](http://manpages.ubuntu.com/manpages/precise/man4/random.4.html) suggests otherwise. — ta.speot.is, Jul 30 '12 at 09:36
I think you mean `/dev/random`, not `/udev/random`. I'd be a bit surprised if that works, though; I'd expect it to *consume* entropy rather than generating it. — Keith Thompson, Nov 18 '13 at 16:45

score 84 · Answer 1 · edited Nov 18 '13 at 15:41

84

Run the following:

find / > /dev/null

That helped me quickly to complete my key generation.

edited Nov 18 '13 at 15:41

Jonathan Hall

75,165
16
143
189

answered Oct 19 '13 at 20:46

zdenekca

1,174
8
8

1

You have to be basically run a long running OS command that can generate system entropy. Such a command has to be run in parallel with the 'gpg --gen-key' command in another terminal window. One of the commands that can generate entropy is the above find command, or even the 'sudo aptitude install haveged' command given in the below answer. – Binita Bharati Jan 09 '17 at 09:27
1

Works great on remote connections when combining with `ctrl + Z` to move it to the background first, and to return it to foreground afterwards with the `fg` command. – MS Berends Aug 14 '17 at 19:06
On a lean ubuntu server, `find /` only took a few seconds and barely added 50 bits to `entropy_avail`. `haveged` worked. Or if you don't want to install anything, you can use the [md5sum method](https://stackoverflow.com/questions/11708334/pgp-not-enough-random-bytes-available-please-do-some-other-work-to-give-the-os/35311113#35311113). – wisbucky Jul 09 '19 at 01:26

score 65 · Answer 2 · answered Feb 11 '14 at 15:27

65

Try installing haveged, this is a daemon, which helps the system with generating random numbers for your key.

sudo aptitude install haveged

answered Feb 11 '14 at 15:27

mieciu

651
5
3

5

Thanks. GPG immediately finished after installing haveged. – pommes Feb 20 '16 at 08:58
3

This worked where rng-tools failed even to run: "Cannot find a hardware RNG device to use". I'm guessing because I'm on a virtual and no such device has been made available. I've lost count of the number of things I tried before installing haveged. Thanks. – whoasked May 10 '16 at 10:48
Neither cat {dev/random > /dev/null & nor the stress command worked but haveged did work!!! – murungu May 20 '16 at 13:03
`haveged` worked perfectly. I installed it, generated the key I needed, then uninstalled it. Gets the job done. – Dave Dec 21 '16 at 00:37
4

This should be the BEST answer. My GPG generation completed in less than a second. `find / > /dev/null` did not work for me. – summerNight Feb 09 '17 at 22:56
This worked great for me as well. Would add to the answer that the command to start haveged in daemon mode is `sudo haveged --run=0` – Matthew Cole Jun 06 '17 at 16:01
1

@MatthewCole, you shouldn't need to run any commands after installing with `apt install haveged`. `man haveged` says `--run Default is 0`. You can verify with `systemctl status haveged` to check if the service is running. – wisbucky Jul 09 '19 at 01:30
@wisbucky I've upvoted your comment because I just installed haveged again and verified that what you said was correct for Ubuntu 18.04LTS. But when I wrote the comment, for whatever reason I did have to start it in daemon mode. I think I was either on Ubuntu 14.04LTS or 16.04LTS back in 2017, but don't recall for sure. – Matthew Cole Jul 10 '19 at 20:42

score 16 · Answer 3 · answered Feb 28 '14 at 09:51

16

Step 1 Run on a shell first and let it run ls / -R

Step 2 Now try to generate the key it will be done

for more info follow http://alsdias.blogspot.jp/2012/11/gpg-not-enough-random-bytes-available.html

answered Feb 28 '14 at 09:51

Triangle

1,477
3
22
36

3

For anyone wondering why this works: hard drives, being physical devices, have a certain amount of randomness inherent in their operation. The Linux kernel takes advantage of this to add a little bit of entropy whenever the disk drive is used; `ls / -R` creates a lot of disk activity and therefore a lot of randomness. – Wolfgang Feb 25 '15 at 01:31
On a lean ubuntu server, `ls -R /` only took a few seconds and barely added 50 bits to `entropy_avail`. `haveged` worked. Or if you don't want to install anything, you can use the [md5sum method](https://stackoverflow.com/questions/11708334/pgp-not-enough-random-bytes-available-please-do-some-other-work-to-give-the-os/35311113#35311113). – wisbucky Jul 09 '19 at 01:27

score 8 · Answer 4 · answered Feb 10 '16 at 09:22

8

I've tried different tricks while watching the /proc/sys/kernel/random/entropy_avail value. But trying to make an MD5 hash of an entire disk really gave my system entropy on steroids without installing extra packages.

find /dev/disk/by-uuid/ -type l | xargs md5sum

answered Feb 10 '16 at 09:22

Thomas Lobker

436
4
5

This one is definitely the way to go. – cptHammer Apr 11 '16 at 08:17
fyi, what this command is essentially doing is `md5sum /dev/sda`, but it's looking up the actual disk device name from the symlink in `/dev/disk/by-uuid` – wisbucky Jul 09 '19 at 00:20
On a lean ubuntu server, `find /` and `ls -R /` only took a couple seconds and only added about 50 bits to `entropy_avail`. This did the trick, after a minute, it filled up the `entropy_avail` to 2000 bits, and I was able to run `--gen-key` without hanging. If you don't mind installing a package, `haveged` also works great. – wisbucky Jul 09 '19 at 01:14

score 5 · Answer 5 · answered Nov 11 '14 at 16:23

5

Trying installing rngd. If your CPU if reasonably modern it will have a hardware random number generator built in, and rngd will use this to generate enough entropy.

Watch out for people telling you to run rngd -r /dev/urandom. While this will get rid of your error, it does it by faking entropy and leads to insecure keys.

answered Nov 11 '14 at 16:23

Chris Jefferson

7,225
11
43
66

FYI, on ubuntu you install it with `sudo apt install rng-tools`. It will automatically start the service, `systemctl status rng-tools`. You don't need to run any additional commands. However, `rng-tools` doesn't work well on a VM because it probably won't have access to the CPU TRNG. `haveged` works much better on a VM. – wisbucky Jul 09 '19 at 01:20

score 3 · Answer 6 · answered Sep 11 '16 at 10:58

Move your mouse around for 30s or so in a new tab, and then try the following:

base64 /dev/urandom

This will start printing out random code to the screen. In a few mins, sufficient amount of psuedo-random data would have been generated to complete key generation.

score 2 · Answer 7 · answered Jul 29 '12 at 12:58

2

This is what is the solution I found to it

I had to do gpg --gen-key --no-use-agent

after that in an another terminal I fired up cat /dev/random

This fortunately for me worked at the end :)

answered Jul 29 '12 at 12:58

user1524529

897
3
10
12

score 2 · Answer 8 · answered Feb 08 '16 at 18:28

try running (in another terminal tab) $cat /proc/sys/kernel/random/entropy_avail on command line, it it returns less than 100-200, then something is wrong, install rng-tools $sudo apt-get install rng-tools

That should have fixed this issue, check the previous tab and you have the key

score 0 · Answer 9 · answered Feb 14 '15 at 03:55

0

I did apt-get install libreoffice and apt-get remove libreoffice* a couple times. That did the trick. Pick some other big fat program for yourself to use.

answered Feb 14 '15 at 03:55

Dan

1,112
11
14

score 0 · Answer 10 · answered May 11 '17 at 13:59

I try to solve. I use Fedora 25 with gpg1 and gpg2 have installed as standar for mechine.

Declare about problem.
If you use Fedora 25 OS, i see gpg confict wiht ownertrust (please remove old trustdb.gpg) at otrust.tmp. and must create new trustdb.gpg.

Please follow this command at your terminal command. (not have to root mode). You may try to re-create the trustdb using the commands:

cd ~/.gnupg

gpg2 --export-ownertrust > otrust.tmp
rm trustdb.gpg
gpg2 --import-ownertrust < otrust.tmp

then you can use

gpg --list-secret-keys --keyid-format LONG
then export as asci format.
gpg --armor --export "type-here-your-secKEY"

ligand · Answer 11 · 2019-03-27T02:17:51.450

0

You can install daemons to gather entropy. This command would install two such daemons:

sudo apt-get install haveged rng-tools

I would personally perfer haveged (because of the people who have created it) over rng-tools. But, I prefer to install both since they quite different.

edited Mar 27 '19 at 02:17

answered Jul 05 '17 at 05:47

ligand

346
3
6

You might want to include explanatory text to say why that command fixes the problem, else this answer runs the risk of deletion for being low-quality – mdaniel Sep 08 '18 at 20:18

score 0 · Answer 12 · answered Sep 06 '17 at 20:02

at the end of gpg message u see parentheses like (125 byte remaining)

the gpg needs some random bytes that u must enter.so press Ctrl-z and type a random set of x(number in parentheses) characters not necessarily meaningful like: dfkheuhasdkjvdaiugekjfhflsdfhuhggskdfjhsjdf

then do it 2 or 3 times, GPG shows an answer that tells u it's done key generating:)

score 0 · Answer 13 · answered May 27 '20 at 17:37

0

 sudo apt-get install rng-tools to set it up.

Then run sudo rngd -r /dev/urandom before generating the keys.

answered May 27 '20 at 17:37

Sundar

253
2
6

score -2 · Answer 14 · answered Sep 30 '13 at 17:03

-2

Running $ sudo rngd -r /dev/urandom

Then running $ gpg --user-agent

and $ ps -ef | egrep rngd (shows process number of rngd, e.g. 9999)

then $ sudo kill 9999

worked for me on my Ubuntu 13.04 system.

answered Sep 30 '13 at 17:03

Mr Ed

5,068
1
19
12

NOOOOOO!!!! Don't run rngd -r /dev/urandom! This will generate insecure keys. Try just running 'sudo rngd', which will work if you have a hardware RNG (which many modern CPUs do), or one of the other answers here. – Chris Jefferson Nov 10 '14 at 15:56
@ChrisJefferson Why is this such a bad idea? – Joost Nov 29 '15 at 16:20
This takes insecurely generated random numbers (from urandom) and uses them to set up /dev/random, secure random. If you do this because /dev/random is epmty, you will generate easily predicted pgp keys. – Chris Jefferson Nov 30 '15 at 18:27

score -7 · Answer 15 · answered May 12 '14 at 09:07

-7

Just use another random maker under Ubuntu:

mv /dev/random /dev/chaos && ln -s /dev/urandom /dev/random

and retry your gpg command

answered May 12 '14 at 09:07

bluesway

107
1
3

2

This will break your system *badly* and *invisibly*. Your programs will no longer have a secure source of randomness, and your new key will be much easier for an attacker to guess. – Wolfgang Feb 25 '15 at 01:28

PGP: Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy

15 Answers15

Linked