GnuPG 2.1.0: key too large, import stops

Werner Koch wk at gnupg.org
Mon Nov 24 09:39:49 CET 2014


On Sat, 22 Nov 2014 02:09, gnupg-devel at spodhuis.org said:
>     % ls -ld toolarge.0x57930DAB0B86B067 | awk '{print $5}'
>     2364114

kbx/keybox-file.c:

#define IMAGELEN_LIMIT (2*1024*1024)

This is intended as a sanity check.  Obviously too short for Joost's
key.  Increase that to 10MB or even 20MB?

> BTW: kudos on the speed improvements for large keyrings, they're very
> _very_ much appreciated.  Even with an incomplete import, I still had

It could even be more imporved but the client who ordererd that was
pleased with the achieved speedup.  There are two ways in which it can
be improved:

1. Primprove update speed by replacing the copy-keyring-during-update
   scheme by a more clever strategy.
2. Improve read speed by using an index.

The latter is easier to implement becuase we have matured code for this
in the management of trustdb.gpg.

Yet another way to improve on it is to use sqllite which gives us both
of the above at once.  However, all further improvements will require
sybtsantial time for proper testing and thus I think it is better tpo
spend the time on other things.

> Now just to figure out why I have to keep specifying the keyserver
> manually ...

Remember to add use --hkp-cacert for dirmngr; there is no default
certificate right now, but that will probably change with the next
release.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-devel mailing list