Some bugs in 0.4.3? (was: A sunday release)

Werner Koch wk at
Tue Nov 10 09:41:17 CET 1998

Roland Rosenfeld <roland at> writes:

> Now it takes only some seconds to import my complete PGP 2 keyring
> (~2MB) (--fast-import) and creating the trustdb (--update-trustdb)
> takes only some minutes and very less memory.

And I checked it with a 70 meg RSA keyring and the first 50 megs of the
the keyring from the new keyservers.  I think that a DB which uses
extendible hashing is a good way to store the keyblocks.  Because pgp
keyids and fingerprints are highly random, a modification of gdbm may
be more suitable.  Consider that the keyids of all v4 packets are the
last bytes of the fingerprint, so there is no need to store both of
> because checking a simple PGP signature (RSA) now seems to run
> "forever" (it runs for 12 minutes now, with 98% CPU usage). ps shows
> me, that mutt runs the following command:

I already noticed that and I found more missing stuff in g10/trustdb.c 

> gpg: Good signature from "TC TrustCenter, Hamburg, Germany,;
> +Organization Key; <info at>"
> gpg: Interrupt caught ... exiting
> Here I also pressed Ctrl-C and the message is decrypted. Seems, that
> gpg is searching for something, which isn't needed, because decryption 
> is done and the signature is checked...

It wants to check whether the signature is valid. 

> /usr/local/bin/gpgm --no-verbose --batch --with-colons --list-keys
> which runs a long time (4 minutes now with 97% CPU time). I tried this 
> command out by hand and found out that this behavior seems to depend
> on the --with-colons option (without this option gpgm outputs the keys 

--with-colons list the validiyt if the key, so it has to do some
trust checking stuff - we really need to cache the validity of keys.


More information about the Gnupg-devel mailing list