importing large keyring

Jason Harris jharris at widomaker.com
Wed Apr 20 17:51:43 CEST 2005


On Wed, Apr 20, 2005 at 02:17:31PM +0200, Sascha Silbe wrote:

> Recently (somewhere around the update from gnupg 1.2.x to 1.4.x) my 
> keyring got corrupted:
> 
> sascha at cube:~$ gpg --export > /dev/null
> gpg: buffer shorter than subpacket
> gpg: signature packet without timestamp
> gpg: buffer shorter than subpacket
> gpg: signature packet without keyid
> gpg: buffer shorter than subpacket
> [...]

I've also seen similar "corruption" recently (with GPG 1.4.1):

  %gpg --keyserver hkp://keyserver.sascha.silbe.org --recv CA57AD7C
  Host:           keyserver.sascha.silbe.org
  Command:        GET
  gpgkeys: HTTP URL is `hkp://keyserver.sascha.silbe.org/pks/lookup?op=get&options=mr&search=0xCA57AD7C'
  gpg: buffer shorter than subpacket
  gpg: buffer shorter than subpacket
  gpg: signature packet without keyid
  gpg: buffer shorter than subpacket
  gpg: signature packet without timestamp
  gpg: key CA57AD7C: accepted non self-signed user ID "[jpeg image of size 3400]"
  gpg: key CA57AD7C: accepted non self-signed user ID "[jpeg image of size 3400]"
  gpg: key CA57AD7C: accepted non self-signed user ID "[jpeg image of size 3400]"
  gpg: buffer shorter than subpacket
  gpg: buffer shorter than subpacket
  gpg: signature packet without keyid
  gpg: buffer shorter than subpacket
  [snip]


  $gpg -k CA57AD7C
  gpg: buffer shorter than subpacket
  gpg: buffer shorter than subpacket
  gpg: signature packet without keyid
  gpg: buffer shorter than subpacket
  pub   2048R/CA57AD7C 2004-12-06
  uid                  PGP Global Directory Verification Key
  uid                  [jpeg image of size 3400]
  uid                  [jpeg image of size 3400]
  uid                  [jpeg image of size 3400]
  uid                  [jpeg image of size 3400]


  %gpg --export CA57AD7C > /dev/null
  gpg: buffer shorter than subpacket
  gpg: buffer shorter than subpacket
  gpg: signature packet without keyid
  gpg: buffer shorter than subpacket

NB:  I set "allow-non-selfsigned-uid" in ~/.gnupg/options, but you
probably don't, and we're seeing most of the same errors.

> However, most of the keys are still OK, so I'd like to use the output of 
> "gpg --export" to re-create the keyring.
> The keyring is rather large (70MB) and after importing several thousand 
> keys gpg uses more memory than is available as physical RAM, so it's 
> continously swapping. After 2 days without significant progress I've 
> aborted the import.

(Out of curiosity, what do you plan to have GPG do with the keys
once they're imported?)

I often work with keys dumped straight from pks without doing a
"gpg --import" on them.  You should be able to do the same with
SKS.

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 309 bytes
Desc: not available
Url : /pipermail/attachments/20050420/bfea69c1/attachment.pgp


More information about the Gnupg-users mailing list