Mailing List Archive

I deleted 80 % of my keyring, but my keybox file isn't shrinking
Over the years, my keyring grew and got rather big. So I did some
cleaning and deleted some revoked and otherwise useless certificates.

(If you wonder how, see this script - feedback welcome:
https://github.com/ilf/gpg-maintenance/blob/master/gpg-delete-revoked-keys.sh)

This got my keyring down from 4.600 to 1.000 keys:

> % kbxutil --stats ~/.gnupg.bak/pubring.kbx | grep -e "Total" -e "openpgp"
> Total number of blobs: 4656
> openpgp: 4617
> % kbxutil --stats ~/.gnupg/pubring.kbx | grep -e "Total" -e "openpgp"
> Total number of blobs: 1041
> openpgp: 1002

But the keybox file didn't get any smaller:

> % du -h ~/.gnupg/pubring.kbx ~/.gnupg.bak/pubring.kbx
> 99M ~/.gnupg/pubring.kbx
> 99M ~/.gnupg.bak/pubring.kbx

Why is this?

I really don't understand keybox well enough to answer this myself.

Thanks!

PS: This could probably be updated:

> Well, OpenPGP keys are not implemented, gpg still used the keyring
> file pubring.gpg.

https://www.gnupg.org/documentation/manuals/gnupg/kbxutil.html

--
ilf

If you upload your address book to "the cloud", I don't want to be in it.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: I deleted 80 % of my keyring, but my keybox file isn't shrinking
Same on a different box with a different keyring. I trimmed it down from
~1250 keys to ~350 keys, but the size of pubring.kbx remains 19M.

Does --delete really mean *delete* with keybox?

ilf:
> This got my keyring down from 4.600 to 1.000 keys:
> But the keybox file didn't get any smaller:

--
ilf

If you upload your address book to "the cloud", I don't want to be in it.

Re: I deleted 80 % of my keyring, but my keybox file isn't shrinking
Hi all,

On 18.07.19 12:19, ilf wrote:
> Same on a different box with a different keyring. I trimmed it down from ~1250 keys to ~350 keys, but the size of pubring.kbx remains 19M.
>
> Does --delete really mean *delete* with keybox?
>
> ilf:
>> This got my keyring down from 4.600 to 1.000 keys:
>> But the keybox file didn't get any smaller:

You might try exporting your keys and importing them into a completely new pubring.

Best
Michael
Re: I deleted 80 % of my keyring, but my keybox file isn't shrinking
On Wed, 17 Jul 2019 23:41, ilf@zeromail.org said:

> But the keybox file didn't get any smaller:

Good catch. In gpg we have not implemented the compression run:

/* FIXME: Do a compress run if needed and no other
user is currently using the keybox. */

However, in gpgsm this is done. It does not work immediately but is
run only on gpgsm invocation iff there has been no update operation in
the last 3 hours. Thus to force a compression run you can do:

faketime -f +3 gpgsm -k foo >/dev/null

Note that gpgsm's option --faked-system-time does not work here (I
pushed a fix, though).

> PS: This could probably be updated:
>
>> Well, OpenPGP keys are not implemented, gpg still used the keyring
>> file pubring.gpg.

Will do.


Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: I deleted 80 % of my keyring, but my keybox file isn't shrinking
Thanks, that explains it.

And the faketime gpgsm command worked (after installing faketime).

But that's a hack, and users should not have to do this. Especially
since GnuPG 2.1 defaults to keybox and more people recommend it with
the recent flooding issues.

I opened an issue to track this: https://dev.gnupg.org/T4644

Werner Koch:
> Good catch. In gpg we have not implemented the compression run:
> faketime -f +3 gpgsm -k foo >/dev/null

--
ilf

If you upload your address book to "the cloud", I don't want to be in it.
