Keyring operations _very_ slow

René Pfeiffer lynx at
Fri Feb 10 13:57:44 CET 2017


I am using gpg and gpg2 with mutt and Icedove/Thunderbird (with Enigmail
plugin). My public keyring has grown to be very big since the email clients
auto-import unknown keys. Plus I did some signing and imported keys signing
keys from others.

The problem is that most GPG operations Enigmail does take a lot of time,
because key ring operations are very slow. I already disabled the trust
check by using --no-auto-check-trustdb, but a single "gpg2 --check-trustdb"
command takes a long time to complete:

some at host:~$ time gpg2 --check-trustdb

real    13m3.849s
user    10m56.379s
sys 2m7.458s
some at home:~$ 

The pubring.gpg file has 100 MB.

mutt doesn't suffer from this problem, because it calls the GPG commands
differently. Enigmail apparently creates a list of all keys in the public
keyring and selects from this temporary list. Since Enigmail assumes that
key ring operations do not take long, gpg2 command are called and run
parallel doing stuff with the key ring. I talked to the Enigmail
developers, but they refuse to add a lock mechanism because key ring
operations should not take this long.

Is there a way to "repair" or "defragment" the key ring file? I can also
provide more data if someone wants to debug this.

Best regards,

  )\._.,--....,'``.  fL  Let GNU/Linux work for you while you take a nap.
 /,   _.. \   _\  (`._ ,. R. Pfeiffer <lynx at> +
`._.-(,_..'--(,_..'`-.;.'  - System administration + Consulting + Teaching -
Got mail delivery problems?
Warning: Do _NOT_ send emails with HTML content to my address! No guarantees!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: not available
URL: </pipermail/attachments/20170210/b9c94ce6/attachment.sig>

More information about the Gnupg-users mailing list