Performance regression for gnupg v2 keys
Felix A. Kater
fkater at posteo.net
Thu Sep 20 15:05:15 CEST 2018
fkater:
> Hi,
>
> I have older keys and newer keys that behave quite different in the
> decryption performance.
>
> Old keys: Generated with gnupg-1.4.x, rsa2048, at 2017-01-10.
> New keys: Generated with gnupg-2.2.8, rsa2048, some weeks ago.
>
> I've always been using the defaults for generating the keys (no
> --full-gen-key, no --expert).
>
> Test case: Unfortunatelly a bit complicated. It is postgresql's
> pg_pub_decrypt() that performs approx. 10x slower when the keys,
> generated by gnupg and being passed to postgresql as a binary
> string, are generated with gnupg-2.2.8. Postgresql is using gnupg
> internally.
>
> My questions here:
>
> (1)
> If the issue is caused by the keys: Do I have the chance to compare
> old/new key internals? I've diff'ed the output of gpg -ivv ... of
> both keys and AFAIK only the default digest algo has changed from
> SHA1 to SHA256. Not sure here though.
>
> (2)
> What would be a suitable test case with gpg only, without postgresql.
A little update:
When I change the passphrase of an existing 1.x generated key with
gpg 1.4.x, the key stays ok (fast).
When I change the passphrase of an existing 1.x generated key with
gpg 2.2.8, the key gets somehow updated (slow).
So, besides fast/slow:
What's the difference between default (rsa 2048) keys generated with
1.x and 2.x?
Felix
More information about the Gnupg-users
mailing list