'pubring.kbx' growing

Werner Koch wk at gnupg.org
Sat Jun 15 17:16:39 CEST 2024


On Fri, 14 Jun 2024 23:20, Bernhard Voelker said:

> It's not "newer keys".  It's the same key again and again.
> And new keys don't "fit into that file space" as you say:
> simply 'gpg --import' + 'gpg --delete-key' in a loop.

The key might still grow due to signature verification caches.  And then
it does not fit anymore in the old space.  It is also possible that the
space needs to be a bit larger than what was left over from the last
key.  That code is sooo old that I can't remember the details anymore.

>> Better update to 2.4 and use that.
>
> Confirmed: the problem still exists with the KBX format on 2.4.5, as mentioned.

Sure, it is the same code.

> GPG 2.2 went away from the 'pubring.gpg' file format to the keybox format,

Not GnuPG 2.2 but 2.0 from 2006 or even 1.9 from 2004 introduced this
format.  We started to use the keybox format also for *PGP with 2.1 in
2014 (see doc/whats-new-in-2.1.txt).

> BTW: is the 'keyboxd' reliably already available in 2.2?

Definitely not; use 2.4

> Sorry, I didn't look too much into the implementation of the KBX format,
> but - as long as there's no general design issue with it - I guess this

You are aware that the pubring.gpg format is nothing else but the on-wire
format for PGP keys?  Its use for random access was never a good idea
but all PGP 2 versions did it this way and thus gpg also used that
format.  Adding an index or meta data to that format is not really
possible. That is what KBX solves: adding meta data like a fingerprint
to speed up searching.  Without that the software needs to parse each
packet of each key and compute the fingerprints over and over again.  

> should be fixable quite easy.  Please re-consider checking this, and

You may use the kbxutil tool to find out why your keybox is growing.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
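
The cost described in the message above (parsing each packet of each key and recomputing fingerprints when the file has no index), shown as an added example that is not part of the original message and not GnuPG code. It is a small RFC 4880 packet walker plus a v4 fingerprint search over a constructed three-key stream; all function names and the sample data are made up for illustration.

```python
import hashlib
import struct

def packets(data):
    """Yield (tag, body) for each packet in an OpenPGP (RFC 4880) stream."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                      # new-format header
            tag, o1 = first & 0x3F, data[pos + 1]
            if o1 < 192:
                length, hdr = o1, 2
            elif o1 < 224:
                length, hdr = ((o1 - 192) << 8) + data[pos + 2] + 192, 3
            elif o1 == 255:
                length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                 # old-format header
            tag, size = (first >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}.get(first & 3)
            if size is None:
                raise ValueError("indeterminate length not handled here")
            length, hdr = int.from_bytes(data[pos + 1:pos + 1 + size], "big"), 1 + size
        if pos + hdr + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos + hdr:pos + hdr + length]
        pos += hdr + length

def v4_fingerprint(body):
    """SHA-1 over 0x99, a two-octet length and the public-key packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()

def find_key(ring, wanted):
    """Linear search without an index: (packets parsed, hashes computed, found)."""
    parsed = hashed = 0
    for parsed, (tag, body) in enumerate(packets(ring), 1):
        if tag == 6 and body[:1] == b"\x04":  # tag 6 = Public-Key packet, version 4
            hashed += 1
            if v4_fingerprint(body) == wanted:
                return parsed, hashed, True
    return parsed, hashed, False

# Constructed sample: three fake v4 key bodies, each followed by a User ID packet.
KEYS = [b"\x04" + struct.pack(">IB", 1700000000 + n, 1) + bytes([n]) * 20 for n in range(3)]
RING = b"".join(b"\x99" + struct.pack(">H", len(k)) + k + b"\xcd\x05user%d" % n
                for n, k in enumerate(KEYS))
```

Looking up the last key in this stream means walking five packets and hashing all three key bodies; a stored fingerprint per key, as in the keybox metadata the message mentions, replaces that with a comparison.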