Unable to use "transient-key" when generating a batch GPG key

I'm generating a few test keys, but I can't seem to use the %no-protection and %transient-key flags. I get the following message:

$ cat dwight | gpg --homedir "dwight-keys" --gen-key --batch
gpg: keyring `dwight-keys/secring.gpg' created
gpg: keyring `dwight-keys/pubring.gpg' created
gpg: Generating a key for Dwight Schrute
gpg: skipping control `%no-protection' ()
gpg: skipping control `%transient-key' ()

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 27 more bytes)
......+++++

The error message states the %no-protection and %transient-key controls are skipped. This you can see as the key generator is trying to pull the random bytes from /dev/random which if I understand the documentation correctly, %transient-key is supposed to prevent.

This is the config file I am using to generate the key:

%echo Generating a key for Dwight Schrute
%no-protection
%transient-key
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: Dwight Schrute
Name-Email: dwight.schrute@dundermifflin.com
Creation-Date: 2005-03-24
Expire-Date: 0
%commit
%echo Key generated

IQAndreas

Posted 2014-09-19T05:35:20.010

Reputation: 2 317

Fun fact, Googling the error message just leads me to the source code of GPG and a single reference to the error message in an old archived 4chan thread.

– IQAndreas – 2014-09-19T05:35:28.027

Even worse, running gpg --version I see I'm using 1.4.16. I assumed the version found in the Ubuntu repositories would be a bit more up to date. – IQAndreas – 2014-09-20T14:44:47.480

1Ubuntu has both. gnupg2 for the 2.0 branch, tho you'll probably have to find a PPA for 2.1 – kyrias – 2014-09-20T14:51:29.143

Unable to use "transient-key" when generating a batch GPG key

Answers