📅 July 1, 2015
Does GPG or GPG2 seem to hang in your terminal when generating or modifying a key?
GPG used to function perfectly, and it still does in Windows, but there seems to be some form of glitch when generating keys in Ubuntu, Linux Mint, or Xubuntu that causes GPG to never complete the key generation process because GPG is waiting for entropy. The rest of the system runs fine, but the GPG terminal hangs at the “gather enough entropy prompt” and never completes.
Or, maybe I am the only one who has experienced this consistent issue?
Good news! There is a resolution for this occurrence. The issue seems to be a lack of entropy. The system runs out of entropy that is never replenished, so GPG2 waits, and waits, and waits.
GPG/GPG2 seems to hang infinitely at this part of the key generation. Typing and other actions have no effect.
1. Install gpg2 Â (Optional)
GPG2 has nothing to do with the solution, but I would recommend installing gnupg2 anyway either from Synaptic or the command line.
sudo apt-get install gnupg2
Some programs, such as Enigmail for Thunderbird, require gpg2 due to its improved security and bug fixes (according to Enigmail).
2. Install rng-tools
sudo apt-get install rng-tools
This is the key. Even though GPG instructs moving the mouse, typing commands, or doing something else with the system, it never works for me. Those actions never generated enough entropy, so GPG would continue to hang for minutes or even hours no matter what I did.
rng-tools contains the rngd daemon that acts as a bridge between the hardware random number generator and the Linux kernel’s random number generator (according to Synaptic). The hang-up might be related to specific hardware chipsets (such as my particular motherboard), but for some reason, GPG works after installing rng-tools.
3. Run rngd
rngd is the daemon process. It might autorun upon installation, but if not, start it in a terminal.
sudo rngd -r /dev/urandom
There is wealth of options available for rngd, so please consult man rngd for details. The only option we need is the -r (read) option that specifies the source for rngd from which it will gather bits. /dev/urandom is the same random source we are already familiar with, and it works fine.
Start rngd before generating gpg keys, or if GPG hangs on the entropy prompt, start rngd. Either way, GPG completes within a few seconds.
Viewing the System Entropy
A lack of entropy for GPG seems to be the cause of the hang, and we can confirm this by running this command
cat /proc/sys/kernel/random/entropy_avail
to display the remaining entropy.
Or, we can watch the entropy in real time with,
watch -n 0.2 cat /proc/sys/kernel/random/entropy_avail
When GPG is not running, we should see a high number, such as 3105. GPG consumes entropy, and this consumption causes the lower values, such as 8, 3, 54, 13, and 27.
Showing how much entropy is available before and during GPG’s execution.
I ran this check before and during GPG hanging up. The three results that list 3105, 3109, and 3112 were executed before gpg2 –gen-key. The lower numbers were obtained when gpg2 paused at the entropy gathering prompt. Apparently, GPG consumes entropy, but the entropy is not being refilled and that causes the hang-up.
I tried (much) typing and moving the mouse as instructed for well over a minute, and this caused the value to increase slightly to 54, but then it dropped back to 3. Entropy is not being replenished fast enough, and typing keys is too slow. This why rngd helps. With rngd running, key generation completes within seconds automatically.
Watching cat /proc/sys/kernel/random/entropy_avail seems to confirm this theory. Without rngd running (execute sudo killall rngd to kill the rngd process), the entropy would start high and then stay in the single to double digits and never replenish. This causes GPG to apparently hang. Starting rngd again (in a separate terminal while GPG is still running) causes the entropy to replenish and GPG completes the key generation.
Delightly Linux 