Looking up keys from a massive store

Rick van Rein rick at openfortress.nl
Thu Aug 31 20:26:52 CEST 2017


Thanks Werner!

> The keybox is the default for new installations (that is if there is no
> pubring.gpg) since 2.1.  I implemented it so that (iirc) were able to do
> 20 signature verifications from a random set of keys out of 30000 keys
> within a second.  Unfortunately recent changes to internal workings
> dropped the performance again.

Wow :)

> If you want to encrypt only, there may be a simpler way: The new option
> -F takes a file with a single key and encrypts to that key, without any
> need to access the public keyring.

Ah, that is a most useful addition :)

I also found the internal API after writing this and found that I can
load the keys, which is yet another way to get it done.  Great!

> We use it for example in our Web Key
> Directory tools to do a run a challenge response protocol.  See 
> gnupg/tools/gpg-wks-server.c for some hints but I can also explain usage
> if you explain your protocol in more detail.

Thanks.  I am still designing, so things are still fuzzy and looking
where they fit in :)  The above is already quite helpful!

-Rick



More information about the Gnupg-users mailing list