GPG 1.3.1: Can't import key

Michael Nahrath gnupg-users@nahrath.de
Thu Dec 5 04:29:01 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shaw <dshaw@jabberwocky.com> schrieb am 2002-12-05 03:20 Uhr:

>>>> Problem with GPG 1.3.1, my prefs, the keyserver or is it Mac specific?
>>>=20
>>> None of the above.  That key is an Elgamal signing key.  They're slow,
>>> and I mean *really* slow.

>> Slow it is. Verifying David's Signature needs more than 10 seconds
>> (with GPG using about 70% of my G4-500 CPU) whereas verifying other atta=
ched
>> signatures (eg. Jason's and Sebastina's in this list) need less than 3
>> seconds.=20
>=20
> Yes, they have DSA keys.
>=20
>> But before deleting them those 2 signatures seem to have corrupted my wh=
ole
>> keyring.
>=20
> Not corrupted.  David's key has several user ID revocations on it.
> Elgamal is a very slow signing algorithm, and validating those
> revocation self-signatures takes time.
>=20
> When you deleted one of them, you caused the signature cache to be
> updated, so the sigs didn't need to be checked again.  You could have
> deleted anything from that key or run --rebuild-keydb-caches and
> gotten the same result.

Yes, now I got it :-)

With some help I got by PM I can reduce it to a simple test:

bash-2.05a$ gpg --recv-key --keyserver keyserver.kjsl.com 0x10F4B2AA
[...]
bash-2.05a$ gpg --rebuild-keydb-caches
[...]
bash-2.05a$ time gpg --list-sigs 0x10F4B2AA
[...]
real    0m1.034s
user    0m0.170s
sys     0m0.080s
bash-2.05a$ time gpg --list-sigs --no-sig-cache 0x10F4B2AA
[...]
real    1m26.397s
user    1m13.020s
sys     0m0.510s
bash-2.05a$ time gpg --update-trustdb
[...]
real    0m2.908s
user    0m1.140s
sys     0m0.400s
bash-2.05a$ time gpg --no-sig-cache --update-trustdb
[...]
real    8m31.544s
user    6m37.470s
sys     0m5.070s
bash-2.05a$ gpg --delete-key 0x10F4B2AA
[...]
bash-2.05a$ time gpg --no-sig-cache --update-trustdb
[...]
real    0m43.781s
user    0m35.380s
sys     0m0.900s
=20
That also explains why my earlier tests were so unreproducable.
Each of them met a different state of the cache.

And of course the first import of David's key needed the longest time
whitch made it look like a keyserver problem. In reality the keyserver sent
the data at normal speed but my gpg needed about 10 minutes to incorporate
it with the keyring.

Thanks! Michi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.1 (Darwin)

iD8DBQE97sgq19dRf5pMcEwRApWRAJ94+3zrw9by1fCFyXJh/rESZzX2lgCeOtvr
upe4suiIvLo36ZYeACxL458=3D
=3D+LzE
-----END PGP SIGNATURE-----=97=81-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shaw <dshaw@j