trust management script

Neil Williams linux at
Wed Apr 28 10:55:15 CEST 2004

On Wednesday 28 April 2004 9:15, Stuart A Yeates wrote:
> Adrian 'Dagurashibanipal' von Bidder wrote:
> > Incidentally: is gpg's database handling good enough, or will I get a
> > speedup by starting again from an empty keyring?
> You will get a speed-up. Be aware that keys with multiple signatures and
> uids consume far more space than keys with fewer signatures and uids.
> The safe way to start with an empty keyring is:
> 0) send any new signatures to the keyservers (gpg --send)
> 1) rename pubring.gpg
> 2) rename trustdb.gpg
> 3) import your public key(s) from a keyserver
> 4) edit your key(s) to make them trusted

That will take a while!

In a keyring of 3,000 keys where 2,000 have multiple signatures, just how much 
speed is going to be gained over simply deleting the 1,000 keys?

Each time --update-trustdb gets new trust information, the entire trust 
database needs to be checked so the closer you get to that 2,000th multiple 
sig key, the longer the trust check takes.

Instead of a single trust update after deleting 1,000 keys with a script, you 
are using a recursively longer trust check 2,000 times.

Methinks that would take longer than a simple find, identify, delete script.

You would have to have a very considerable speed improvement to justify the 


Neil Williams