On Wed, 30 Aug 2017 21:06, r...@openfortress.nl said:

> for the number of keys. That would probably hit us too. If I've seen it
> correctly, the keybox format mentioned there is not part of today's gnupg.

The keybox is the default for new installations (that is if there is no pubring.gpg) since 2.1. I implemented it so that (iirc) we were able to do 20 signature verifications from a random set of keys out of 30000 keys within a second. Unfortunately recent changes to internal workings dropped the performance again.

> What key search method would you recommend that is scalable to many keys and
> to many signatures being placed in parallel? Or is it perhaps an idea to
> create public keyrings just for the purpose of one email being sent? [No
> idea if that is possible at all, let alone how, just thinking out loud.]

Try to use the fingerprint. That will always be the fastest way to access the key material.

> FWIW, the intention is to fill the LDAP store with keys that are submitted
> over email, and accepted based on DKIM signatures on the email. Email that
> is sent would be automatically encrypted with PGP, and DKIM would sign the
> entire message in the mail server.

If you want to encrypt only, there may be a simpler way: The new option -F takes a file with a single key and encrypts to that key, without any need to access the public keyring. We use it for example in our Web Key Directory tools to run a challenge response protocol. See gnupg/tools/gpg-wks-server.c for some hints but I can also explain usage if you explain your protocol in more detail.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
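An added example, not part of the original mail and not GnuPG's own code: the fingerprint recommended above as the lookup handle, computed from a binary (non-armored) version 4 public-key packet as RFC 4880 section 12.2 defines it, then used as the exact-match key of a store. The sample packet bytes and the `index_by_fingerprint` helper are constructed for illustration; the bytes are not a usable key.

```python
import hashlib
import struct

def first_packet(data: bytes):
    """Return (tag, body) of the first OpenPGP packet (RFC 4880, section 4.2)."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not a binary OpenPGP packet (armored input?)")
    if hdr & 0x40:                          # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = struct.unpack(">I", data[2:6])[0], 6
        else:
            raise ValueError("partial body length is not valid for a key packet")
    else:                                   # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not supported here")
        n = 1 << ltype                      # 1, 2 or 4 length octets
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    body = data[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def v4_fingerprint(key_data: bytes) -> str:
    """SHA-1 over 0x99, two-octet body length, body (RFC 4880, section 12.2)."""
    tag, body = first_packet(key_data)
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet first")
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()

def index_by_fingerprint(blobs):
    """Hypothetical store: exact-match lookup table keyed by fingerprint."""
    return {v4_fingerprint(b): b for b in blobs}

# Constructed sample: version 4, creation time, algorithm 1 (RSA), two tiny
# MPIs. Structurally valid for hashing, not a usable key.
SAMPLE_BODY = bytes.fromhex("04" "59a70a18" "01" "0010c53b" "0011010001")
OLD_FORMAT = b"\x99" + struct.pack(">H", len(SAMPLE_BODY)) + SAMPLE_BODY
NEW_FORMAT = bytes([0xC6, len(SAMPLE_BODY)]) + SAMPLE_BODY

if __name__ == "__main__":
    store = index_by_fingerprint([OLD_FORMAT])
    print(v4_fingerprint(NEW_FORMAT), v4_fingerprint(NEW_FORMAT) in store)
```

The same key material yields the same fingerprint whether the packet header is old or new format, which is what makes it a stable index for keys arriving from different senders.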