gpg locks up with certain key servers

David Shaw dshaw at jabberwocky.com
Fri Aug 10 06:29:05 CEST 2007


On Thu, Aug 09, 2007 at 12:56:43PM +0400, Andrew Zabolotny wrote:
> Hello!
> 
> I have the following statement in my gpg.conf file:
> 
> keyserver x-hkp://pgp.mit.edu
> 
> However, pretty often gpg locks up when checking emails from
> miscellaneous people who have their public keys on that server for
> unknown reason. This happens like this:
> 
> [3|zap at zap|~]gpg msg
> Detached signature.
> Please enter name of data file: msg
> gpg: Signature made Thu Aug  9 10:46:32 2007 MSD using DSA key ID 307D56ED
> gpg: requesting key 307D56ED from hkp server pgp.mit.edu

That key is somewhat mangled on that keyserver.  If you look at the
key data itself, it's 1.2 megabytes long with 8662 signatures.  The
key is really only about 745k long with 4639 signatures.

> This does not happen if I use other key servers. However, I think gpg
> shouldn't behave so even if key server behaves incorrectly. I have
> signature checking automatically enabled in my email program (sylpheed
> claws) and pretty often I have to kill the email client that locks up
> badly because of this gpg behavior.

pgp.mit.edu runs the pks keyserver software.  There is a reasonably
common bug in pks where it makes extra copies of user IDs, and any
signatures that are on those user IDs.  That is why the key size is
almost doubled.

GPG isn't actually locking up here - it's just very slow.  The reason
for the slow import of that key is the need for GPG to detect and
remove the duplicated packets.  On my machine, it takes just under an
hour to process that key.

The algorithm currently in GPG for detecting and repairing the
duplication is not as efficient as it could be.  I'll have a look at
it and see what I can do.

David
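
The duplication described in the message above (repeated user ID packets, each followed by copies of the same signatures) can be detected in a single pass by hashing packet bodies. The following Python is an added example, not part of the original message and not GnuPG's code or its algorithm; it assumes the input is one binary (unarmored) key with definite-length packets and treats only byte-identical packets as duplicates, and `SAMPLE` is constructed data with dummy packet bodies.

```python
def packets(data):
    """Yield (tag, body, raw) for each definite-length packet (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        first = data[i]
        if not first & 0x80:
            raise ValueError("no packet header at offset %d" % i)
        if first & 0x40:                      # new-format header
            tag, o1 = first & 0x3F, data[i + 1]
            if o1 < 192:
                hdr, length = 2, o1
            elif o1 < 224:
                hdr, length = 3, ((o1 - 192) << 8) + data[i + 2] + 192
            elif o1 == 255:
                hdr, length = 6, int.from_bytes(data[i + 2:i + 6], "big")
            else:
                raise ValueError("partial body lengths not handled")
        else:                                 # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 3
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                    # 1, 2 or 4 length octets
            hdr, length = 1 + n, int.from_bytes(data[i + 1:i + 1 + n], "big")
        end = i + hdr + length
        if end > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i + hdr:end], data[i:end]
        i = end

def dedupe(key_bytes):
    """Return (cleaned_bytes, dropped_count); assumes key_bytes holds ONE key."""
    owners, current, dropped = {}, None, 0    # dicts keep insertion order
    for tag, body, raw in packets(key_bytes):
        if tag == 2 and current is not None:  # signature on the current owner
            dropped += body in current[1]     # counts 1 if already kept
            current[1].setdefault(body, raw)
        else:                                 # key, subkey or user ID packet
            dropped += (tag, body) in owners
            current = owners.setdefault((tag, body), (raw, {}))
    out = b"".join(raw + b"".join(sigs.values()) for raw, sigs in owners.values())
    return out, dropped

def pkt(tag, body):                           # builds constructed sample packets
    return bytes([0xC0 | tag, len(body)]) + body

UID = pkt(13, b"Alice <alice@example.org>")
SAMPLE = (pkt(6, b"dummy-key") + UID + pkt(2, b"sig-A") + pkt(2, b"sig-B")
          + UID + pkt(2, b"sig-A") + pkt(2, b"sig-B") + pkt(2, b"sig-C"))
```

Each packet is looked up once in a dictionary, so the cost grows linearly with the number of packets; signatures found only under a repeated user ID are merged under its first copy.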


