Key generation failed due to lack of entropy on the system. You may need to generate a GPG key on a desktop machine and import it into Virtualmin instead.

Failed to create backup key : Key generation failed : Key generation failed due to lack of entropy on the system. You may need to generate a GPG key on a desktop machine and import it into Virtualmin instead.

So you’re running Virtualmin and would like to encrypt your backups before they leave your server?
Unfortunately, it would seem that some older, quieter systems (or virtual systems) suffer from a lack of entropy.
The general advice is to move the mouse and use the keyboard, neither of which is going to do much on a server.
Some people will recommend you use urandom as a source of random material (that's a very bad idea!).

I've found Virtualmin to be extremely impatient when it comes to generating the key, and found that if you're willing to be patient you are better off doing this from the command line and just importing the key into Virtualmin instead.
Also, you can follow these instructions on a local machine that does have sufficient entropy.
Here are my step-by-step instructions:

gpg --gen-key

gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: <Server> Backups 2013
Email address: <server>@<company>.com
Comment: <Server> backups 2013
You selected this USER-ID:
"<Server> Backups 2013 (<Server> backups 2013) <<server>@<company>.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option "--edit-key".

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
<snip>
public and secret key created and signed.
<snip>

Look at the bolded parts for your input, and be sure to replace <Server> with your server name (whatever you want it to be) and do the same for <Company>.
For example: [email protected]

Once you have generated the key you need to export it. List it first:

gpg --list-keys

/root/.gnupg/pubring.gpg
------------------------
pub   2048R/1074… 2013-12-15
uid                  <Server> Backups 2013 (<Server> backups 2013) <<server>@<company>.com>
sub   2048R/443F… 2013-12-15

It should list more, as your keychain also includes GPG for the Virtualmin repo.

You export the key using the ID for the “sub” part of your key. Of course you should use the full value as shown by the output.

gpg --output <server>.gpg --armor --export-secret-key 443F…

This gives you the ASCII version of your private key that you can offer to Virtualmin. You can either copy and paste it into your browser or point to the file locally.
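The same procedure as a non-interactive script, for a machine that has enough entropy. This is an added example, not part of the original post: it assumes Linux and GnuPG 2.1 or later (for %no-protection), the function names and the entropy threshold of 200 are assumptions, and it selects the key to export by its e-mail address rather than by key ID.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux and GnuPG 2.1+.

# Succeeds when the kernel's entropy estimate in FILE is at least MIN.
# Returns 2 when no estimate can be read.
entropy_ok() {
    file=${1:-/proc/sys/kernel/random/entropy_avail}
    min=${2:-200}                  # assumed threshold, adjust as needed
    [ -r "$file" ] || return 2
    avail=$(cat "$file")
    [ "$avail" -ge "$min" ]
}

# Prints a gpg batch parameter block mirroring the interactive answers:
# RSA and RSA, 2048 bits, no expiry, no passphrase.
write_keyparams() {
    server=$1 company=$2 year=$3
    cat <<EOF
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $server Backups $year
Name-Comment: $server backups $year
Name-Email: $server@$company.com
Expire-Date: 0
%no-protection
%commit
EOF
}

# Generates the key, then writes the armored secret key to <server>.gpg.
make_backup_key() {
    server=$1 company=$2 year=$3
    entropy_ok || { echo "entropy pool low or unreadable; use another machine" >&2; return 1; }
    write_keyparams "$server" "$company" "$year" | gpg --batch --gen-key || return 1
    ( umask 077    # the exported secret key must not be readable by other users
      gpg --output "$server.gpg" --armor --export-secret-keys "$server@$company.com" )
}

# Usage (placeholder names): make_backup_key myserver example 2013
```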
Hope this helps you encrypt your backups.
