David Shaw on Thu, 27 Feb 2003 00:30:32 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] GnuPG 1.2.1 trustdb checks for every pubkey import?


On Thu, Feb 27, 2003 at 12:08:35AM -0500, Walt Mankowski wrote:
> > Also, what happens if you run:
> > 
> >   gpg --with-colons --list-keys | grep pub | grep :20:

[ 8 keys snipped ]

Sigh.  Welcome to the hell that is the Elgamal signature key.  They're
at least one order of magnitude slower than RSA or DSA.  Not much that
can be done - it's in the nature of the algorithm.  I wish I could pop
up a big flashing red light when someone generated one of these keys
explaining all of the reasons why they are a bad idea.

Try this:

  gpg --no-sig-cache --rebuild-keydb-caches

It'll take a very long time, but that will check and cache the
validity of every signature you have on your keyring, including all
the deadly Elgamal ones.

After you do that, let me know if --check-trustdb runs any faster.

David

Attachment: pgp1jtMDFHt1q.pgp
Description: PGP signature