wk: > We try to achieve that this decryption process takes about 100ms;
Oh, I see... > When you change the passphrase of an old key the first time or > when you import it to gpg the key is re-encrypted so that it takes > that long. So, the trigger for this delay is then inherent to the re-encrypted key itself, not primarily dependent on the agent or gnupg library configuration, correct? I am asking this detail because - I need to move the keys to another machine, into a postgresql database where gnupg seems to be part of postgresql itself (pgcrypto) and cannot be hand-configured easily, and - I'd like to know if I have to re-create all existing (slow) keys after applying --with-agent-s2k-calibration=MSEC to gnupg (on the machine where the keys are generated). Please confirm. > It seems that you are doing a lot of operations with that key in a row. > gpg-agent's cache will cache the unprotected key so that the 100ms to > unprotect the key is only spend once during the caching time to live (10 > minutes by default). Make sure tha the cache is enabled by checking the > options --max-cache-ttl and default-cache-ttl. Depending on your use > case you may want to work without a passphrase (key protection) at all. Indeed: We do many decryptions, let me explain in short: It is postgresql that receives passphrase protected gpg keys (pgcrypto). Otherwise it couldn't execute SQL queries on encrypted data. So, I am forced to move the whole decryption work to postgresql instead of dealing with decryption after the query using (a clean version of) gnupg. I don't know about postgresql's internals but it doesn't seem to even run an agent... And just as an example: A query using gnupg 1.x keys that completes within 3 sec takes 40 sec with 2.x keys. > that value can be changed at build time using the configure option > --with-agent-s2k-calibration=MSEC but not at run time. This sounds like a suitable solution. I've seen that option here [1] but it is missing in official gnupg. What do you recommend? Felix [1] https://dev.gnupg.org/source/gnupg/browse/master/configure.ac _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users