Why does gpg -k write to tofu.db?
Werner Koch
wk at gnupg.org
Tue Aug 25 16:03:24 CEST 2020
On Tue, 11 Aug 2020 14:56, Brian Minton said:
> Why does gpg -k need to write to the tofu db? I should mention that gpg
> is running at 100% cpu in the R state. Before starting the gpg -k

I was not able to replicate it but I must say that I don't have a large
useful tofu.db. AFAICS, gpg sometimes updates the tofu.db to track
expired bindings. You can have a closer look at it by running

  gpg -k --debug trust

or to disable updates by using

  gpg -k --dry-run

I suspect that the TOFU database scheme is not well suited for a large
number of keys. In particular not if several gpg processes are running.
I also don't like that it stores meta data of all signatures ever
verified.

Revamping the tofu stuff is on my list but I have not yet found the time
(as usual). The Tofu information should be stored along the key and not
in a separate database with all its transaction overhead. The optional
keyboxd we will provide in 2.3 may help to solve the problems.

Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
More information about the Gnupg-users
mailing list
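
One way to confirm on a given machine whether a key listing actually rewrites tofu.db, with and without the --dry-run option mentioned in the message above. This is an added example, not part of the original post or of GnuPG; the function names are hypothetical and it assumes tofu.db sits in $GNUPGHOME (default ~/.gnupg).

```shell
#!/bin/sh
# Added example: detect whether a command changes the content of tofu.db.
# Assumption: the database is $GNUPGHOME/tofu.db, or ~/.gnupg/tofu.db.

# db_state FILE: print a checksum and size of FILE, or "absent" if missing.
db_state() {
    if [ -f "$1" ]; then
        cksum < "$1"
    else
        echo absent
    fi
}

# tofu_db_changed DB CMD [ARGS...]
# Runs CMD and returns 0 if the content of DB differs afterwards, 1 if not.
# A committed SQLite write also bumps the change counter in the file
# header, so even a small update alters the checksum.
tofu_db_changed() {
    watched=$1
    shift
    before=$(db_state "$watched")
    "$@" >/dev/null 2>&1
    after=$(db_state "$watched")
    [ "$before" != "$after" ]
}

# Run by hand as: sh tofu-check.sh --run
# Compares a plain listing with a --dry-run listing.
if [ "${1:-}" = "--run" ]; then
    tofu="${GNUPGHOME:-$HOME/.gnupg}/tofu.db"
    for opt in "" "--dry-run"; do
        # $opt is left unquoted on purpose so the empty case adds no argument
        if tofu_db_changed "$tofu" gpg -k $opt; then
            echo "gpg -k $opt: tofu.db was modified"
        else
            echo "gpg -k $opt: tofu.db unchanged"
        fi
    done
fi
```

If the plain listing reports a modification, rerunning it with --debug trust as suggested in the message shows what the trust code is doing at that point.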