Very slow symmetric encryption/decryption with GnuPG 2.X

Werner Koch wk at
Mon Jun 27 07:59:20 CEST 2016

On Sun, 26 Jun 2016 19:50, wurzelsepp1337 at said:

> I use a Bashscript for Cloud-Encryption-Purposes under Debian Testing. It uses
> GnuPG for symmetrically encryption of many files with a for loop. With GnuPG
> 1.4.20, the encryption/decryption runs always very fast on my machine,
> GnuPG 2.X the speed is many many times slower. This process is really slow, I

For small files most time is spend on the KDF function to convert a
passphrase into a key.  With 1.4. you may be using an low iteration
count but since 2.x we set the iteration count to a value which results
in about 100ms for the KDF.  We have an open bug that it is not possible
to modify that iteration count (--s2k-count) for 2.1.

It might be possible to allow --multifile with --symmetric so that the
KDF is run only once.  However, you would use the very same key for all
files which might not be what you want.  If you have a high entropy
passphrase for symmetric encryption, there is no need for a KDF
function and you could use --s2k-mode 0 to use that key directly.  Given
that you need to store such a key anyway in a file, I would suggest to
use regular public key encryption instead and store the secret key on
the receiving machine.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
    /* EFH in Erkrath: */

More information about the Gnupg-users mailing list