performance of gpg --list-secret-keys with large keyrings
Werner Koch
wk at gnupg.org
Fri Oct 10 11:23:52 CEST 2014
On Fri, 10 Oct 2014 09:01, dkg at fifthhorseman.net said:
> keys in the keyring. The public keys are in pubring.gpg and not
> pubring.kbx (no conversion has happened yet). Here's the timings:
Yeah, you should do that conversion first ;-)
> I think the move from 0.014s to >7s for --list-secret-keys is because
> gpg 2.1 implements --list-secret-keys by asking the agent about every
> known public key to see if it has the secret material for it.
I have not had this experience but it is quite plausible. Wi would like
to delay a fix for that to 2.1.1 - if we keep on fixing everything for
2.1.0 we will never see a release.
> Surely it would be more efficient if the agent could just list the keys
> directly. But maybe there are security reasons that we don't want to
It can't becuase the agent does not now about the OpenPGP protocol and
thus does not know which of its keys belong to an OpenPGP key. What we
do instead is to compute the "keygrip" from each key and ask the agent
whether it knows the matching private key:
gpg:
For each key
Compute keygrip for each subkey
Send a HAVEKEY command with all these keygrips to gpg-agent
gpg-agent:
For each keygrip
Build filename
if access(filename) possible
return okay to gpg
gpg:
if okay
list as secret key.
Thus for the command case of a primary and a subkey we have two
directory lookups which should be fast. Two keygrip computations
(parsing and SHA-1) and the IPC overhead.
There are several places were we could improve things:
- gpg-agent could cache the keygrips to avoid a file system operation.
But on Linux this should not really matter.
- If the keygrip will be listed caching it with the key like we do for
the fingerprint would be useful. Can you run 2.1 using --with-keygrip
to see whether the numbers are noticeable different than without that
option?
- We could send a HAVEKEY command for each single keygrip, so that we do
not need to compute the keygrip for the subkey in advance assuming
that the agent has the primary key. IIRC, I did this initially
but the current solutions was faster.
- We could ask the agent for a list of all private keys it knows
(KEYINFO --list) and compare against this list. That makes sense if we
have to check a lot of public keys but not for just a few ones. There
is also the problem what to do if the agent holds a huge numbers of
keys and does not need to do a full secret key listing (I know of an
authentication system which does this).
My guess is that the last option would be the best one for the general
case.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list