GPG key pair generation: What do the plus and minus signs mean


I just generated a new GPG key pair and gpg displays some random plus, minus, greater than, less than and circumflex signs. I was always wondering what they mean. Can you explain it to me?

iblue@nerdpol:~$ gpg --gen-key
[... snip ...]

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Best Answer

These are progress indications from the key generation process. Since key generation can be slow, you get a bit of an animated display. The details of the display are pretty obscure and not useful except (a little) for debugging some very specific part of GPG.

You're seeing an El Gamal key pair generation. GPG needs to generate several numbers with specific mathematical properties. Some of these numbers, for example prime numbers, are generated by trial and error (generate a random number in approximately the right range, test if it has the requisite properties, req). GPG print:

  • a newline after successfully generating a prime or generator;
  • < and > if a randomly generated prime is rejected for not being in the proper range;
  • ! if a prime is rejected for not being suitable after all;
  • ^ when trying a candidate generator;
  • . if a randomly generated candidate prime p turns out not to be prime and GPG tries p+2;
  • : if a randomly generated candidate prime turns out not to be prime and GPG tries a fresh random number;
  • . if a simple primality test fails;
  • + if a long primality test succeeds.

If you want the detailed list, look at calls to progress in cipher/dsa.c, cipher/elgamal.c and cipher/primegen.c in the GPG source.