David Shaw on Thu, 27 Feb 2003 21:21:05 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] GnuPG 1.2.1 trustdb checks for every pubkey import?


On Thu, Feb 27, 2003 at 08:59:08PM -0500, Walt Mankowski wrote:
> On Thu, Feb 27, 2003 at 12:32:22AM -0500, Walt Mankowski wrote:
> > OK.  I just kicked it off, and I'll let it run overnight.  I'll report
> > back in the morning.
> 
> Running gpg --no-sig-cache --rebuild-keydb-caches took a little over 2
> hours.  Now I see this:
> 
> % time gpg --check-trustdb
> gpg: key 375AD924: no subkey for subkey revocation packet
> gpg: checking at depth 0 signed=58 ot(-/q/n/m/f/u)=0/0/0/0/0/1
> gpg: checking at depth 1 signed=45 ot(-/q/n/m/f/u)=2/0/0/40/16/0
> gpg: checking at depth 2 signed=135 ot(-/q/n/m/f/u)=36/1/0/1/0/0
> gpg: next trustdb check due at 2003-03-30
> gpg --check-trustdb  8.60s user 1.13s system 85% cpu 11.413 total
> 
> It's better, but still not 3 seconds...

You went from over a minute to 11 seconds.  Not bad.

Once the sigs are cached, you're eliminating virtually all of the
crypto processing time.  After that is eliminated, the other variables
are disk IO speed, CPU speed, and the number of keys in your keyring.

It does take 3-4 seconds for me, but I don't have nearly as many keys
as you do (369 compared to 2179).

David

Attachment: pgpwVSnZ97Rqh.pgp
Description: PGP signature