Very slow symmetric encryption/decryption with GnuPG 2.X
Werner Koch
wk at gnupg.org
Mon Jun 27 07:59:20 CEST 2016
On Sun, 26 Jun 2016 19:50, wurzelsepp1337 at web.de said:
> I use a Bashscript for Cloud-Encryption-Purposes under Debian Testing. It uses
> GnuPG for symmetrically encryption of many files with a for loop. With GnuPG
> 1.4.20, the encryption/decryption runs always very fast on my machine,
> GnuPG 2.X the speed is many many times slower. This process is really slow, I
For small files most time is spend on the KDF function to convert a
passphrase into a key. With 1.4. you may be using an low iteration
count but since 2.x we set the iteration count to a value which results
in about 100ms for the KDF. We have an open bug that it is not possible
to modify that iteration count (--s2k-count) for 2.1.
It might be possible to allow --multifile with --symmetric so that the
KDF is run only once. However, you would use the very same key for all
files which might not be what you want. If you have a high entropy
passphrase for symmetric encryption, there is no need for a KDF
function and you could use --s2k-mode 0 to use that key directly. Given
that you need to store such a key anyway in a file, I would suggest to
use regular public key encryption instead and store the secret key on
the receiving machine.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
/* EFH in Erkrath: https://alt-hochdahl.de/haus */
More information about the Gnupg-users
mailing list