tweeeetyのぶろぐ的めも

アウトプットが少なかったダメな自分をアウトプット<br>\(^o^)/

【GnuPG】linuxにsshして実行したgpg --gen-keyが止まる対応メモ

はじめに

タイトルの通りなのですが、gpgで鍵を生成したくgpg --gen-keyを実行すると止まったようなハングしたような感じになります。

それの対応方法。

もくじ

原因

これは「SSH越しだとキーボードやマウスの入力割り込みを取得でずにエントロピーの収集がなかなかできないことが原因」とのこと。

やりかた

別のターミナル(セッション)でSSHして、ディスクアクセスをすればよいとのこと。

# 別のターミナルで
$ ssh [your host]

# 無駄にディスク書き込み
$ dd if=/dev/urandom of=/tmp/mass bs=1M count=16384

#
# gpg --gen-key が終わったら...
#

# でかいファイルができてしまうので削除
$ rm /tmp/mass

gpg --gen-keyのほう

# 実行

$ gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: B-san
Email address: b-san@example.com
Comment: create sample gpg-key
You selected this USER-ID:
    "B-san (create sample gpg-key) <b-san@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

can't connect to `/home/tweeeety/.gnupg/S.gpg-agent': No such file or directory
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

# 
# ここでかなり時間がかかる
# 別の端末で入ってディスクアクセスしている中
# 


gpg: key 6C69D687 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024R/6C69D687 2021-05-08
      Key fingerprint = 18EC A643 6499 ADF3 A059  8B00 606D 8473 6C69 D687
uid                  B-san (create sample gpg-key) <b-san@example.com>
sub   1024R/8F252715 2021-05-08

参考

おわりに

別端末でディスクアクセスさせないと30分くらい待ってた気がする...。