Efficient batch fetching with verification?

Robin H. Johnson robbat2 at gentoo.org
Sat Nov 4 06:06:59 CET 2017


On Fri, Nov 03, 2017 at 08:17:38PM +0100, Werner Koch wrote:
> On Fri,  3 Nov 2017 06:20, robbat2 at gentoo.org said:
> 
> > Presently, the code is effectively this:
> > ...cat-list-of-fingerprints... | xargs gpg --recv
> >
> > This has the downside of causing many execs.
> 
> Right after a clean startup of your user session you will
> see these execs:
> 
>   1. xargs execs gpg
>   2. gpg execs gpg-agent
>   3. gpg execs dirmngr
> 
> If xargs needs to exec another gpg you won't see new execs for gpg-agent
> or dirmngr.  And the startup time of gpg can be neglected compared to
> the latency of the keyservers.
> 
> Or may it be that you are using gpg 1.4 or 2.0?  Those invoke keyserver
> helpers and that may very well be one exec per supplied fingerprint.
Yes, the older versions do perform much worse, but even with gnupg2.2,
each exec of gpg is still at least 100ms, which adds up over time.

Part of this may be having a huge keyring present (50k+ keys).

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Asst. Treasurer
E-Mail   : robbat2 at gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136