gpg-agent "forgetting" keys when getting many parallel requests
Werner Koch
wk at gnupg.org
Mon Mar 18 09:50:02 CET 2024
On Sun, 17 Mar 2024 13:09, Bence Ferdinandy said:
> running out of memory. Based on a discussion I found
> (https://dev.gnupg.org/T4255), I set `auto-expand-secmem 100M` in
Right. The man page says:

    --auto-expand-secmem n
        Allow Libgcrypt to expand its secure memory area as required.
        The optional value n is a non-negative integer with a suggested
        size in bytes of each additionally allocated secure memory area.
        The value is rounded up to the next 32 KiB; usual C style
        prefixes are allowed. For an heavy loaded gpg-agent with many
        concurrent connection this option avoids sign or decrypt errors
        due to out of secure memory error returns.

You should not append the 'M' - it is simply ignored. That is a bug in
the option parser but we can't fix that because it would break too many
configs which falsely assume that a letter can be used for some kind of
unit.
The value is actually irrelevant because any value will enable the
auto-expand behaviour. Larger chunks can make memory allocation a bit
faster because every free() call needs to check the linked list of
secure memory pools. I am not sure whether this is measurable, though.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
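
An added example, not part of the original message and not GnuPG or Libgcrypt code: a small C model of the behaviour described above, showing that `auto-expand-secmem 100M` suggests a 32 KiB chunk rather than 100 MiB. It assumes `strtoul()`-style parsing (C prefixes accepted, trailing letters dropped) and the 32 KiB rounding from the man page; the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

#define SECMEM_ROUND (32UL * 1024UL)   /* 32 KiB granularity from the man page */

/* Model only: strtoul() with base 0 accepts C-style prefixes (0x.., 0..)
 * and stops at the first character that is not part of the number, so a
 * trailing 'M' never contributes to the value. */
const char *ignored_suffix(const char *arg)
{
    char *end;
    (void)strtoul(arg, &end, 0);
    return end;                        /* text that was silently skipped */
}

/* Effective suggested chunk size in bytes for a config argument:
 * parse as above, then round up to the next multiple of 32 KiB. */
unsigned long effective_chunk(const char *arg)
{
    unsigned long n = strtoul(arg, NULL, 0);
    return (n + SECMEM_ROUND - 1) / SECMEM_ROUND * SECMEM_ROUND;
}

int main(void)
{
    /* Constructed sample values for the gpg-agent.conf option argument. */
    const char *samples[] = { "100M", "100", "104857600", "0x6400000" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *tail = ignored_suffix(samples[i]);
        printf("auto-expand-secmem %-10s -> %9lu bytes%s%s\n",
               samples[i], effective_chunk(samples[i]),
               *tail ? "  (ignored: " : "", *tail ? tail : "");
    }
    return 0;
}
```

To suggest 100 MiB chunks, the argument has to be the byte count itself, for example `104857600` or `0x6400000`.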