Performance regression for gnupg v2 keys

Felix A. Kater fkater at posteo.net
Thu Sep 20 15:05:15 CEST 2018


fkater:

> Hi,
> 
> I have older keys and newer keys that behave quite different in the
> decryption performance.
> 
> Old keys: Generated with gnupg-1.4.x, rsa2048, at 2017-01-10.
> New keys: Generated with gnupg-2.2.8, rsa2048, some weeks ago.
> 
> I've always been using the defaults for generating the keys (no
> --full-gen-key, no --expert).
> 
> Test case: Unfortunatelly a bit complicated. It is postgresql's
> pg_pub_decrypt() that performs approx. 10x slower when the keys,
> generated by gnupg and being passed to postgresql as a binary
> string, are generated with gnupg-2.2.8. Postgresql is using gnupg
> internally.
> 
> My questions here:
> 
> (1)
> If the issue is caused by the keys: Do I have the chance to compare
> old/new key internals?  I've diff'ed the output of gpg -ivv ... of
> both keys and AFAIK only the default digest algo has changed from
> SHA1 to SHA256. Not sure here though.
> 
> (2)
> What would be a suitable test case with gpg only, without postgresql.


A little update:

When I change the passphrase of an existing 1.x generated key with
gpg 1.4.x, the key stays ok (fast).

When I change the passphrase of an existing 1.x generated key with
gpg 2.2.8, the key gets somehow updated (slow).

So, besides fast/slow:

What's the difference between default (rsa 2048) keys generated with
1.x and 2.x?

Felix




More information about the Gnupg-users mailing list