Mailing List Archive

GPG slows git commit
GPG slows git commit

I am on macOS 11.2.3, git 2.31.0, and gpg 2.2.27.

I have a private repo with a few python scripts (small). I create an empty text file, git add it, and commit it. I sign commits using GPG.

This process takes 4.64 seconds. Without gpg signing, it takes <1 sec.

Trace output is at https://gist.github.com/erikr/cf7b45d5382de0a5164a35aa08747d4b <https://gpgtools.tenderapp.com/discussions/problems/110188/r?go=aHR0cHM6Ly9naXN0LmdpdGh1Yi5jb20vZXJpa3IvY2Y3YjQ1ZDUzODJkZTBhNTE2NGEzNWFhMDg3NDdkNGI%3D>.

Expected
git commit is lightning fast, and gpg signing does not slow down git commit

Additional info
Any input would be much appreciated. I am also a beginner with GPG and git, so thanks for your patience in advance.

I posted this in the GPGTools support forum, but was told to ask this mailing list instead.

-Erik
Re: GPG slows git commit [ In reply to ]
On Donnerstag, 25. M?rz 2021 13:20:47 CET Erik Reinertsen wrote:
> I have a private repo with a few python scripts (small). I create an empty
> text file, git add it, and commit it. I sign commits using GPG.
>
> This process takes 4.64 seconds. Without gpg signing, it takes <1 sec.
>
> Expected
> git commit is lightning fast, and gpg signing does not slow down git commit

That's an unreasonable expectation. gpg signing will take some time. It will
slow down git commit. But, of course, it shouldn't take multiple seconds.

> Additional info
> Any input would be much appreciated. I am also a beginner with GPG and git,
> so thanks for your patience in advance.

First let's have a look at your key. Please run
gpg --list-secret-keys
and paste the output for your signing key into your reply.

Moreover, let's time gpg signing without git. Run
echo Hello | time gpg --clearsign

Additionally, let's check which version of gpg you are using. Run
gpg --version

Regards,
Ingo
Re: GPG slows git commit [ In reply to ]
Ingo, I greatly appreciate your assistance.

>> Additional info
>> Any input would be much appreciated. I am also a beginner with GPG and git,
>> so thanks for your patience in advance.
>
> First let's have a look at your key. Please run
> gpg --list-secret-keys
> and paste the output for your signing key into your reply.

$ gpg --list-secret-keys
/Users/erik/.gnupg/pubring.kbx
------------------------------
sec rsa4096 2021-02-08 [SC] [expires: 2021-04-09]
581F6A88B3F58A4E94A26040153F263741C51DC1
uid [ultimate] Erik Reinertsen <erikrtn@gmail.com>
ssb rsa4096 2021-02-08 [E] [expires: 2021-04-09]

> Moreover, let's time gpg signing without git. Run
> echo Hello | time gpg --clearsign

gpg --clearsign 0.01s user 0.01s system 0% cpu 6.696 total


> Additionally, let's check which version of gpg you are using. Run
> gpg --version

$ gpg --version
gpg (GnuPG) 2.2.27
libgcrypt 1.9.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/erik/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

--
Erik
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG slows git commit [ In reply to ]
On Freitag, 26. M?rz 2021 15:16:15 CET Erik Reinertsen via Gnupg-users wrote:
> > Moreover, let's time gpg signing without git. Run
> > echo Hello | time gpg --clearsign
>
> gpg --clearsign 0.01s user 0.01s system 0% cpu 6.696 total

I'm not sure that I understand the result. (The time command on my system has
a different output format.) Does the "6.696 total" mean that clearsigning took
almost 7 seconds? gpg didn't ask you for your passphrase, right?

Try putting
log-file /somewhere/gpg.log
verbose
debug ipc,lookup
into ~/.gnupg/gpg.conf

Then make a signed test commit and check the log file.

Regards,
Ingo
Re: GPG slows git commit [ In reply to ]
Ingo,

Thank you for the response.

If I run the same command again, I am prompted to enter my passphrase. Subsequently, I get:


gpg: using "581F6A88B3F58A4E94A26040153F263741C51DC1" as default secret key for signing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIzBAEBCAAdFiEEWB9qiLP1ik6UomBAFT8mN0HFHcEFAmBsjzEACgkQFT8mN0H
...

=JcnT
-----END PGP SIGNATURE-----
gpg --clearsign 0.01s user 0.02s system 0% cpu 7.230 total

Note I am on macOS 11.2.3 and zsh 5.8.

Regarding your other suggestions, I don't have a command called "log-file". Is the full suggested syntax "log-file /somewhere/gpg.log"?

Sorry if I'm missing obvious things here.

Erik

> On Mar 27, 2021, at 5:01 PM, Ingo Klöcker <kloecker@kde.org> wrote:
>
> On Freitag, 26. März 2021 15:16:15 CET Erik Reinertsen via Gnupg-users wrote:
>>> Moreover, let's time gpg signing without git. Run
>>> echo Hello | time gpg --clearsign
>>
>> gpg --clearsign 0.01s user 0.01s system 0% cpu 6.696 total
>
> I'm not sure that I understand the result. (The time command on my system has
> a different output format.) Does the "6.696 total" mean that clearsigning took
> almost 7 seconds? gpg didn't ask you for your passphrase, right?
>
> Try putting
> log-file /somewhere/gpg.log
> verbose
> debug ipc,lookup
> into ~/.gnupg/gpg.conf
>
> Then make a signed test commit and check the log file.
>
> Regards,
> Ingo
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users