[onerng talk] How to make gnupg use OneRNG?

Jeroen Massar jeroen at massar.ch
Wed Sep 23 15:09:08 BST 2015


On 2015-09-23 15:28, Stefan Midjich wrote:
> I have successfully tested my OneRNG but I have yet to figure out how to
> use it with gpg.
>  
> Has anyone here used OneRNG with gpg?

GnuPG is just another tool sucking data out of /dev/random and other
interfaces. Thus nothing special there, it just works.

> When I generate a key in gnupg, even if the key generation takes more than
> 10 seconds, I see no dimming of the LED on the OneRNG. While if I cat
> /dev/random or run onerng_verify.py I see immediate dimming of the LED.

Is 'rngd' running and taking data from the OneRNG?

Syslog should show reports on how much data is taken into the system.

Definitely also check:
 cat /proc/sys/kernel/random/entropy_avail

to see how much randomness is available.
Use "watch cat /proc/sys/kernel/random/entropy_avail" to monitor it.

> I know the library behind gnupg is configured to automatically select an
> entropy source but from my understanding that source should be /dev/random
> on Fedora but I may be wrong.

Afaik there is no knob to change that, but you can verify with strace if
you want (strace -fF gpg .... 2>&1 | grep random) what it uses.

Greets,
 Jeroen


PS: As you are playing with high-entropy and PGP, you might want to
check out Nitrokey which is an open source PGP key and a lot more:
   https://nitrokey.com/?ref=e6abea5284
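
As an added example (not part of the original message): a filter for the strace output suggested above that reports which kernel randomness interfaces the traced process opened and how many bytes it read from each. The function names `random_sources` and `sample_trace` are hypothetical, and the trace lines are constructed sample input, not a capture from a real gpg run.

```shell
#!/bin/sh
# Added example, not from the original message.
# Reads strace output on stdin and prints "<source> <bytes read>" for each
# kernel randomness interface the traced process used.
random_sources() {
    awk '
    # Successful open()/openat() of /dev/random or /dev/urandom: map fd -> path.
    /open(at)?\(.*"\/dev\/[a-z]*random"/ {
        path = $0; sub(/^[^"]*"/, "", path); sub(/".*$/, "", path)
        if ($NF ~ /^[0-9]+$/) { dev[$NF] = path; bytes[path] += 0 }
        next
    }
    # read(fd, ...) = N on a tracked descriptor: add N to that device.
    /read\([0-9]+,/ {
        match($0, /read\([0-9]+,/)
        fd = substr($0, RSTART + 5, RLENGTH - 6)
        if ((fd in dev) && $NF ~ /^[0-9]+$/) bytes[dev[fd]] += $NF
        next
    }
    # close(fd): the descriptor number may be reused for another file.
    /close\([0-9]+\)/ {
        match($0, /close\([0-9]+\)/)
        delete dev[substr($0, RSTART + 6, RLENGTH - 7)]
        next
    }
    # getrandom() bypasses the device nodes entirely.
    /getrandom\(/ { if ($NF ~ /^[0-9]+$/) bytes["getrandom()"] += $NF }
    END { for (p in bytes) print p, bytes[p] }
    ' | LC_ALL=C sort
}

# Constructed sample trace (assumed shape of strace -f output).
sample_trace() {
    cat <<'EOF'
[pid  4242] openat(AT_FDCWD, "/dev/urandom", O_RDONLY) = 3
[pid  4242] close(3) = 0
[pid  4242] openat(AT_FDCWD, "/dev/random", O_RDONLY) = 3
[pid  4242] read(3, "\215\30q"..., 300) = 300
[pid  4242] getrandom("\x1f\x9a", 32, 0) = 32
[pid  4242] openat(AT_FDCWD, "/etc/random.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
EOF
}

# Demo on the sample; for live use, pipe the strace output (2>&1) into
# random_sources in place of "grep random".
sample_trace | random_sources
```

A source listed with 0 bytes was opened but never read from; calls that strace splits into unfinished/resumed lines are not counted.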


