Efficent batch fetching with verification?

Robin H. Johnson robbat2 at gentoo.org
Fri Nov 3 06:20:21 CET 2017


What's a reasonably efficient way to fetch a lot of keys, by
fingerprint, from keyserver pools with HKPS?

Presently, the code is effectively this:
...cat-list-of-fingerprints... | xargs gpg --recv

This has the downside of causing many execs.

As an alternate, it was suggested that I could do manual HTTP fetches
for each of the fingerprints, then verify the keyserver returned only
the correct keys. This however, still runs into the problem of calling
gpg many times.

gpgme does an exec behind the scenes, for each call, so I'm wondering
what other solutions are out there.

Most useful would be feeding a list of fingerprints to
--recv via a file descriptor, or feeding entire commands to a 
long-running GPG instance (but Assuan doesn't support RECV).

The Assuan part echos a much older request of mine, that more operations
should be available via Assuan, to efficiently sign or verify many
files.

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Asst. Treasurer
E-Mail   : robbat2 at gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1113 bytes
Desc: Digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20171103/21a55e15/attachment.sig>


More information about the Gnupg-users mailing list