
GPG becomes slow with big keyrings
Closed, Resolved, Public

Description

Release: 1.2.4

Environment

Debian Linux testing
Dual-Athlon 1500+

Description

GPG needs a very long time to verify signatures after the keyring has grown to over 200 keys (or 2MB).

It takes 30s-2min for the first signature after several hours of not using GPG; it returns to the usual speed (<5s) afterwards.

Fix

Read or mmap the public keyring in bigger chunks before parsing it. Alternatively, use an indexed database format for the keyring.

Event Timeline

Although the way we handle keyrings is very slow, this is not the actual problem. I am using a far larger keyring without any problems.

What happens to you is that after adding a new key the trust information has to be rebuilt and that takes its time. An old Elgamal signing key in the keyring will furthermore slow it down.

You should add the option no-auto-check-trustdb to gpg.conf and run "gpg --check-trustdb" either from a cronjob or manually after gpg tells you that a trustdb check is due.
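
The setup suggested in the comment above, as an added example that is not part of the original thread and not GnuPG project code: an idempotent helper that puts `no-auto-check-trustdb` into gpg.conf, and a crontab line that runs the deferred check. The function names, the `--apply` switch, the gpg.conf location (`${GNUPGHOME:-$HOME/.gnupg}`) and the cron schedule are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumptions: gpg.conf is in ${GNUPGHOME:-$HOME/.gnupg}; the cron schedule is arbitrary.

# Add "no-auto-check-trustdb" to the given gpg.conf unless an active
# (uncommented) line already sets it. Safe to run repeatedly.
ensure_no_auto_check_trustdb() {
    conf=$1
    # Create the directory and file private to the user if they are missing.
    ( umask 077; mkdir -p "$(dirname "$conf")" )
    [ -f "$conf" ] || ( umask 077; : > "$conf" )
    if grep -Eq '^[[:space:]]*no-auto-check-trustdb[[:space:]]*$' "$conf"; then
        return 0
    fi
    # If the last line has no trailing newline, add one so the option
    # is not glued onto an existing line.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf"
    fi
    printf '%s\n' 'no-auto-check-trustdb' >> "$conf"
}

# Print a crontab line that runs the deferred trustdb check every night.
trustdb_cron_entry() {
    printf '%s\n' '17 3 * * * gpg --batch --check-trustdb'
}

# Changes the real configuration only when asked to: sh this-script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_no_auto_check_trustdb "${GNUPGHOME:-$HOME/.gnupg}/gpg.conf"
    echo "Add this line with 'crontab -e':"
    trustdb_cron_entry
fi
```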