trust management script
Adrian 'Dagurashibanipal' von Bidder
avbidder at fortytwo.ch
Wed Apr 28 13:30:33 CEST 2004
On Wednesday 28 April 2004 10.55, Neil Williams wrote:
> On Wednesday 28 April 2004 9:15, Stuart A Yeates wrote:
> > Adrian 'Dagurashibanipal' von Bidder wrote:
> > > Incidentally: is gpg's database handling good enough, or will I
> > > get a speedup by starting again from an empty keyring?
> >
> > You will get a speed-up. Be aware that keys with multiple
> > signatures and uids consume far more space than keys with fewer
> > signatures and uids. The safe way to start with an empty keyring
> > is:
> >
> > 0) send any new signatures to the keyservers (gpg --send)
> > 1) rename pubring.gpg
> > 2) rename trustdb.gpg
> > 3) import your public key(s) from a keyserver
> > 4) edit your key(s) to make them trusted
>
> That will take a while!
>
> In a keyring of 3,000 keys where 2,000 have multiple signatures, just
> how much speed is going to be gained over simply deleting the 1,000
> keys?

Well, it doesn't take that long, and in my case gpg speed is really
quite bad (sometimes it takes 1 second or so for a simple gpg
--list-key <somekey>, and a --check-trustdb takes ages (90s or so)).

So I guess I'll try it - the process is simple enough:

$ gpg --export > keys.gpg
$ gpg --export-ownertrust > trust
$ mv trustdb.gpg trustdb.gpg.old
$ mv pubring.gpg pubring.gpg.old
$ gpg --import < keys.gpg
$ gpg --import-ownertrust < trust
$ gpg --check-trustdb

If key lookup is starting to be the slow part of gpg operations, and not
the crypto, I find this a bit annoying.

cheers
-- vbi
--
My uncle was the town drunk -- and we lived in Chicago.
-- George Gobel
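
A check that can be run after the rebuild described above, before the .old files are discarded. This is an added example, not part of the original message; it compares primary-key fingerprints from two `gpg --with-colons --fingerprint` listings, and the function names, sample listings and file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a rebuilt keyring
# still holds every primary key that the old one did.

# Read a `gpg --with-colons --fingerprint` listing on stdin and print the
# primary-key fingerprints, sorted. The first "fpr" record after a "pub"
# record holds the primary fingerprint in field 10; "fpr" records that
# follow a "sub" record belong to subkeys and are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    ' | sort -u
}

# missing_keys OLD_LISTING NEW_LISTING
# Print fingerprints found in OLD but not in NEW; return 1 if there are any.
missing_keys() {
    old=$(mktemp); new=$(mktemp)
    primary_fprs < "$1" > "$old"
    primary_fprs < "$2" > "$new"
    lost=$(comm -23 "$old" "$new")
    rm -f "$old" "$new"
    [ -z "$lost" ] && return 0
    printf '%s\n' "$lost"
    return 1
}

# Constructed sample listings; the fingerprints are made up.
sample_old() {
    cat <<'EOF'
pub:u:1024:17:00000000AAAAAAA1:1000000000:::u:::scESC:
fpr:::::::::00000000000000000000000000000000AAAAAAA1:
sub:u:2048:16:00000000AAAAAAA2:1000000000::::::e:
fpr:::::::::00000000000000000000000000000000AAAAAAA2:
pub:-:1024:17:00000000BBBBBBB1:1000000001:::-:::scESC:
fpr:::::::::00000000000000000000000000000000BBBBBBB1:
EOF
}
# Same listing with the second key dropped, as after an incomplete import.
sample_new() { sample_old | sed '/BBBBBBB1/d'; }

# Real use, run in the keyring directory (old.txt/new.txt are assumed names):
#   gpg --no-default-keyring --keyring ./pubring.gpg.old \
#       --with-colons --fingerprint > old.txt
#   gpg --with-colons --fingerprint > new.txt
#   missing_keys old.txt new.txt && echo "no keys lost"
```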