Concurrency Issues with gnupg 1.2.3: keyring is deleted
Stefan.Haller at ascom.ch
Tue Jul 27 08:58:04 CEST 2004
I have some concurrency problems with GPG. I would appreciate any help.
I wrote a service which verifies messages, afterwards processes the
message and encrypts a result to return to the caller. Such a request
arrives about once a second, sometimes more, sometimes less. In parallel,
automatic public key imports may happen in case new keys are delivered to
the system. The service runs up to 20 gnupg processes at the same time to
get a good enough performance in request processing.
I am using gnupg because PGP provides all functionality I need and I was
to lazy to program something on my own (I usually only found low-level
interfaces to such encription tasks in the existing libraries).
Problem 1: locking of keyring, minor problem
Quite often, gpg tells me that the keyring is locked (using verify, sign
or encrypt). Question: may I use the option --lock-never, or may this
corrupt the keyring because of write accesses in those functions? Of
course, I will do my own locking for updates that locks out verify, sign
and encrypt functions in this case. Solution two (a bit less obfuscated)
would be to spot the exit code if a lock file caused unsuccessful exit and
rerun the operation in this case. Unfortunately, from what I see in
g10/keyring.c it seems that gnupg returns always G10ERR_GENERAL in error
cases, therefore, I will have to define my own return code that indicates
Problem 2: keyring is completely deleted, fatal problem
Yesterday, my whole public key ring was deleted by gnupg (note, I'm not
using the --lock-never function yet, current options are --batch,
--no-secmem-warning and --always-trust).
Well it happend that the system was importing several keys while the
service was running. An import was happening and at the same time a verify
was started. The verify returned the message '"pubring.gpg" created' and
the whole ring was suddently 0 bytes. The backup was gone, too, because
more keys were imported afterwards. Therefore, I suspect that locking does
not work appropriately when importing. Do you confirm that?
I would appreciate any advice on how to solve this. Or should I abandon
gnupg completely as it is not intended to be used with more than one
instance for the same user?
Thank you for your time.
Ascom Autelca Ltd.
+41 31 999 65 06
+41 31 999 65 82
stefan.haller at ascom.ch
More information about the Gnupg-devel