This is fixed.

This was fixed with 3.1.9

This should be fixed.

Testing with the DGN certificate showed that GPGSM returns a signature verification error (invalid digest algorithm) in this case. So the signature summary is not even checked.

Thanks for all the fixes! I can confirm commit dad35d65f05eb1c15589a7e4755dcae6aed2d6cf works just fine on all my machines (Linux & macOS).

About importing, there are two other works: repairing and trustdb update. We can figure out the difference by the --import-options of no-repair-keys and fast-import (to skip those works).
I think that both can be O(N^2) for number of signatures.

A linked list of 100000 items is not a usable data structure. The problem however is not the linked list but the DoS due to the number of signatures being well beyond the design limit. 1000 key signatures is already a large number and only few people have them. We need to put a limit on them.

with @gniibe's patches applied, i profiled the --import, since that is where the largest CPU cost remains. I tried two different times:

I disabled the dependency rules for the figures (it's only enabled for maintainers).

@gniibe: We move this issue over to mail. I'll forward it to you.

Okay, for 100000 signature this is clearly a win if no key lookup is needed.

Fixed.

i also checked the CPU time for git tag -v, whether @gniibe's patches were applied or not.

fwiw, i tried gpg --import on the ascii-armored version of my C4BC2DDB38CCE96485EBE9C2F20691179038E5C6 OpenPGP certificate (22895014 octets, 54614 certifications), followed by gpg --list-keys and gpg --export | wc. I was comparing 2.2.17-1 (from the debian package in unstable) with the exact same source, just with @gniibe's two patches rG33c17a8008c3 and rGa7a043e82555 applied as well. I did this with GNUPGHOME set to an otherwise empty directory, where i had done touch pubring.gpg to avoid the keybox format. (the two runs did not share a GNUPGHOME).

If I were testing more, I would generate many (say, 1000, or more, for example) encrypted message by the tool (IBM Encryption Facility), to examine by GnuPG and figure out some patterns of failure.

Is this really necessary to duplicate functionality that already is provided by Web Key Directory?

While I only observed the output of --list-packet, what I see are:

With NTBTLS, it seems it works correctly.

Which SSH client are you using?

gpg-agent side is fixed to relax the error handling.

For the particular problem of --list-key with pubring.gpg, I think we can say it's fixed.

@werner : Yes, the way to go is having something like a server for keys; It can remove all unnecessary search/lookup all together.

I agree, many currently-shipped DNS client library implementations do not provide DNSSEC validity checks.

Check out the mailing list gcrypt-devel@

Sure it is not validated. Standard clients do not provide the system features to do that. That is one of the problems with DNSSEC adoption - it works only for servers in practice.

Folks, I was just wondering if I could get an update on where we are with this bug. It seems we aren't sure if it's a real issue or not. What's the latest thought?

Ah, that makes sense, good catch. Seems this is just an issue of documentation, then.

(i think that rG33c17a8008c3ba3bb740069f9f97c7467f156b54 is also relevant, though it was not tagged with this ticket)

@gniibe -- thank you very much for tracking down these O(N^2) operations and cleaning them up. I will profile the effect of those changes and report my findings.

aiui, a keyserver scheme of https:// implies that the specific URL is to be queried directly, not using any of the HKPS URL path patterns.

We should put it of the agenda od the Brussesl summit in 3 weeks. I have a few ideas what we can do in gpg.

We as GPGTools would also like to see this addition being integrated into GnuPG, since we do plan to switch to keys.openpgp.org in the near future, as we have long been hoping for a key server with better performance and among other things email verification. Without this change, revocations would not work as expected in combination with hagrid however. Preferably of course in the 2.2.X branch.

Hi Maximilian,

Hi, @JW-D, as the 'fixed' version of mailvelope has been released, could you please confirm if the issue is solved for you with mailvelope 3.3.1, or if you're still affected? Thank you.

@gniibe: I doubt that your fix really makes a difference. The majority of time is spend on searching the keyring for keys. This is why I have the gpgk thing in the works.

I pushed my change as: rT7b2c4d9dd50b: Support GCM.
Please test.

I pushed the fix. Thanks for your cooperation.

Thanks for further testing.
I realized that it's not the left border drawing problem in fact, but the newline should be between the description and passphrase line.
I'm going to fix this.

Err... my repo for 2.2 was a week old. Now, I updated, and confirmed it's there.
Thanks having the support!

Thanks for the further fix! With that only a minor hiccup remains:

Release done.

Managed to get the build correct. (patches in 1 sec)

I did this already on July 3 with commit 458973f502b9a43ecf29e804a2c0c86e78f5927a

You probably have one of the spammed keys in your keyring. This is a problem with the keyserver networks. Do not use --auto-key-retrieve and avoid using the keyservers until we provide a mitigation with the next gpg4win/gnupg release. See also T4591

Thanks for the update! With git-master, the toy example above works fine. However, pinentry-curses seems to hang with real commands from gpg. Here is an example:

$ ./curses/pinentry-curses 
OK Pleased to meet you
SETDESC 請輸入密語來解鎖 OpenPGP 私鑰:%0A%22Chih-Hsuan Yen <yan12125@gmail.com>%22%0A3072 位元長的 DSA 金鑰, ID F98EF2A7B0A098AE,%0A建立於 2018-04-25 (主要金鑰 ID 3FDDD575826C5C30).%0A
OK
SETPROMPT 密語:
OK
GETPIN

(CPU usage of ./curses/pinentry-curses goes > 90%)

I pushed the change to master.
Please test.

Please consider to backport rG914fa3be22bf: dirmngr: Support the new WKD draft with the openpgpkey subdomain. from master. Cherry-pick mostly works, only dirmngr/server.c needs manual edit (because of resolve_dns_name change).
Allowing WKD service by subdomain (openpgpkey) is good, because it is easier to deploy by separate admin, in some situations.

I pushed my change of rGc51a5685554a: scd: ccid-driver: Initial getting ATR more robustly..
With TTXS, scdaemon correctly recovers from the error.