[2014-12-08 08:18:29 +1000] Allan McRae:
My only comment is to add a comment about using haveged. I have not successfully generated a key without it running lately...
Good idea. Here is an updated proposal: The upgrade to gnupg-2.1 tampered with the pacman keyring in a way that rendered the local master key unable to sign other keys. This is only an issue if you ever intend to customize your pacman keyring. We nevertheless recommend all users fix this by generating a fresh keyring. In addition, we recommend installing haveged, a daemon that generates system entropy; this speeds up critical operations in cryptographic programs such as gnupg (including the generation of new keyrings). To do all the above, run as root: pacman -Syu haveged systemctl start haveged systemctl enable haveged rm -fr /etc/pacman.d/gnupg pacman-key --init pacman-key --populate archlinux Cheers. -- Gaetan