-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
On 24/6/19 12:14 am, The Wanderer wrote: > The short version of this is that I think I need to clear out a > lot of irrelevant keys / signatures, et cetera, from my gnupg > configuration - but I don't want to do anything which risks losing > my private key(s), or any related information. Your problem is most likely polluted keys due to a major design flaw with SKS serverv. I've seen two keys become extremely large due to junk being added and the behaviour of anything using my public keyring was horribly slow and with the CPU pinning by one process. The following has been sent to a couple of local LUGs that I'm in: For those of us whom use OpenPGP/GPG keys with GNUPG implementation (perhaps everyone whom interacts with SKS servers)... there has been a very long standing technical problem that is currently causing issues. The problem, in a nutshell causes keys to significantly increase in size due to bad data being easily uploaded to the SKS servers without proper validation and consequently severely effecting performance of anything using the public keyring database. If you experience the problem, it will be due to a significant increase of the size of your public keyring file. When processing the public keyring data, the CPU gets pinned at 100% for at least one thread. What I have done is a full export of keys to ASCII armoured files and look at the larger files -- in my case the two largest were for Micah Lee and the Tor Project keys. Delete problematic keys and import fresh sane data for them. Having older backups of the Tor Project's key, I've replaced the key with one that doesn't have the extra bad payload. The former key /may/ not be easily found as the Tor website directs you to an SKS server to collect the data and it doesn't appear to be easily available directly from Tor project's own website. For Micah Lee's key, I got it from keybase.io (micahflee). https://keybase.io/micahflee There are different solutions, keybase.io is but one. In any case the SKS servers are in big trouble as they stand today. A reason for the problem popping up might be related to a simple key refresh; so that is a major problem. It's been said that even just using the keys can cause problems when you don't have any keys with bad data, but I'm not so sure about that. And a follow up: Without any specific refresh, my Tor Project key grew again. I've change my gpg.conf now, let's see if that stops the problem. Using an alternate server: keyserver hkp://keys.openpgp.org More details here: https://sequoia-pgp.org/blog/2019/06/14/20190614-hagrid/ Cheers A. -----BEGIN PGP SIGNATURE----- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXRuDNwAKCRCoFmvLt+/i +zbSAP0Zh8WrQMJaEQRegRl+rBoNCucSSwySGAa4Iy/CbRr+GAD9G4FOYnJMs363 98asLeJ3TGuBWgjEqLVUItNH9HIOblE= =uA5x -----END PGP SIGNATURE-----