--check-trustdb very slow (2+ hours) for large keyrings (6k keys, 906k sigs)

Robin H. Johnson robbat2 at gentoo.org
Mon Jun 20 06:42:36 CEST 2011


I need a way to speed up the trustdb check. As my keyring has grown over the
years, it's become intractably slow. I already have no-auto-check-trustdb, and
normally do a weekly check, but whenever I sign a key (at least once a week),
GPG requires a trustdb check before the trust is usable for that key.

How big is my keyring?
$ time gpg --with-colon --fast-list-mode --list-sig |cut -d: -f1 | sort | uniq -c
gpg: please do a --check-trustdb
   6410 pub
   5532 rev
    167 rvk
 906030 sig
   7915 sub
      1 tru

real 1m9.699s
user 1m10.102s
sys  0m0.360s

(Dropping fast-list-mode causes list-sig to be in the realm of 20-30 minutes).

The system is a Core2 Quad Q6600, 2.4GHz, w/ 6GiB of RAM. It's not hitting swap.
Compiled w/ CFLAGS/CXXFLAGS='-march=nocona -O2 -pipe'

====
gpg (GnuPG) 2.0.17
libgcrypt 1.5.0-beta1
...
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, 
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
====

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2 at gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85
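
An added example, not part of the original message: the record-type count above shows how many signature records the keyring holds, but not which keys carry them. The function below (its name, output columns and the sample listing are constructed for illustration) reads the same colon-format listing and reports, per primary key, the total sig/rev records, how many are self-signatures, and how many were issued by keys absent from the keyring.

```shell
#!/bin/sh
# Usage on a real keyring (same listing as in the message, full option names):
#   gpg --with-colons --fast-list-mode --list-sigs | sigs_per_key | head
# Output columns: <total> <self-issued> <issuer-not-in-keyring> <primary key ID>
sigs_per_key() {
    awk -F: '
        # A pub record starts a new key block; field 5 is its key ID.
        $1 == "pub" { cur = $5; have[cur] = 1; if (!(cur in total)) total[cur] = 0; next }
        # sig and rev records carry the issuer key ID in field 5.
        ($1 == "sig" || $1 == "rev") && cur != "" {
            total[cur]++
            if ($5 == cur) self[cur]++
            else issuers[cur] = issuers[cur] " " $5
        }
        END {
            for (k in total) {
                n = split(issuers[k], ids, " ")
                missing = 0
                # Issuers with no pub record here cannot be checked locally.
                for (i = 1; i <= n; i++) if (!(ids[i] in have)) missing++
                printf "%d %d %d %s\n", total[k], self[k] + 0, missing, k
            }
        }
    ' | sort -k1,1nr -k4,4
}

# Constructed sample listing (not real keys): two primary keys, one subkey.
sample_listing() {
    cat <<'EOF'
tru::1:1308545000:0:3:1:5
pub:u:4096:1:1111111111111111:1300000000:::u:::scESC:
sig:::1:1111111111111111:1300000000::::::13x:
sig:::1:2222222222222222:1300000100::::::10x:
sig:::1:3333333333333333:1300000200::::::10x:
sub:u:4096:1:4444444444444444:1300000000::::::e:
sig:::1:1111111111111111:1300000000::::::18x:
pub:f:2048:1:2222222222222222:1290000000:::-:::scESC:
sig:::1:2222222222222222:1290000000::::::13x:
rev:::1:2222222222222222:1295000000::::::30x:
EOF
}

sample_listing | sigs_per_key
```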

More information about the Gnupg-devel mailing list