how to store the public keys in a db?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Feb 14 15:20:11 CET 2011
On 02/14/2011 03:58 AM, Werner Koch wrote:
> On Sun, 13 Feb 2011 13:34, ikrabbe.ask at gmail.com said:
>
>> don't think that it will result into a bottleneck before reaching
>> 10^6-10^12 keys (I didn't prove this statement!).
>
> This won't work. We do a sequential scans of the pubring.gpg all the
> time. This includes the computation of fingerprints etc for each and
> every key. It is more a miracle that it still works fine with many
> thousand keys.
fwiw, it doesn't really "work fine" with many thousand keys. i've got
1785 keys in my pubring, and performance is noticeably poor. This may
be due to my running somewhat older/low-end hardware (900Mhz Celeron M
processor, 1GiB RAM), but it's bad enough that i've taken the step of
setting no-auto-check-trustdb, and running --check-trustdb manually from
a nightly cronjob. otherwise, with the amount of signed and/or
encrypted mail that i get, and the fact that i'm signing software and
using it to verify ssh connections and web connections, my machine would
be regularly blocked on gpg for many many tasks.
I'm looking forward to the speedup promised by the keybox format; i hope
the trustdb recalculations can be comparably sped up as well.
Thanks for working on this, Werner.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110214/47d411a4/attachment.pgp>
More information about the Gnupg-users
mailing list