I'm trying to get my GPG configuration back to a sane size. I've just converted pubring.gpg to pubring.kbx using migrate-pubring-from-classic-gpg, but despite only containing a few dozen public keys those files are both almost 30 MB. Please correct me if I'm wrong about the normal size of keys, but I suspect this might be because of certificate spamming. So I'm trying to figure out which keys are causing this massive file size (and reducing any GPG-related commands to mush), if that is even meaningful outside of the keys' bit size.
1 Answer
On-disk key sizes are related to the number of signatures, so one way to find out which keys to investigate is to run something like

gpg2 --with-colons --list-keys --with-sig-list | awk -F: 'function dump(key, uid, sigs) { if (key && uid) { printf "%s: %d (%s)\n", key, sigs, uid } } /^pub/ { dump(key, uid, sigs); key = $5; uid = ""; sigs = 0 } /^uid/ { dump(key, uid, sigs); uid = $10; sigs = 0 } /^sig/ { sigs++ } END { dump(key, uid, sigs) }' | sort -n -k2,2

(This mis-counts slightly since subkey signatures are included, but the error isn’t significant.)
Non-spammed keys shouldn’t show more than a few thousand signatures; the largest key in my (cleaned up) keyring is Werner Koch’s 0xF2AD85AC1E42B367, which shows 4,773 sig entries and occupies less than one megabyte.
To see a key’s size in your keyring, run
gpg2 --export ${keyid} | wc -c

l0b0 commented Jul 10, 2019 at 9:25: Uh-oh, that was the Tor Browser Developers signing key
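As an added example (not part of the question or the answer above), here is a Python parser for the same `--with-colons --list-keys --with-sig-list` output that fixes the subkey mis-count and splits each key's certifications into self-signatures and third-party signatures, which is what a certificate-flooded key shows in excess. The colon output and all key IDs are constructed for the example, and the 5,000-signature threshold is an assumption based on the answer's "a few thousand" figure.

```python
"""Parse `gpg2 --with-colons --list-keys --with-sig-list` output and report
per-key signature counts, separating self-signatures from third-party ones."""

# Constructed sample in gpg's colon format (fake key IDs, not real keys).
# The second key carries thousands of third-party certifications, the
# footprint of a certificate-flooded key.
SAMPLE = "\n".join(
    ["pub:u:4096:1:1111111111111111:1500000000:::u:::scESC::::::23::0:",
     "fpr:::::::::00001111111111111111111111111111111111111111:",
     "uid:u::::1500000000::HASH1::Alice <alice@example.org>::::::::::0:",
     "sig:::1:1111111111111111:1500000000::::Alice <alice@example.org>:13x::",
     "sig:::1:2222222222222222:1500000100::::Bob <bob@example.org>:10x::",
     "sub:u:4096:1:3333333333333333:1500000000::::::e::::::23:",
     "sig:::1:1111111111111111:1500000000::::Alice <alice@example.org>:18x::",
     "pub:u:4096:1:4444444444444444:1500000000:::u:::scESC::::::23::0:",
     "uid:u::::1500000000::HASH2::Flooded <flood@example.org>::::::::::0:",
     "sig:::1:4444444444444444:1500000000::::Flooded <flood@example.org>:13x::"]
    + ["sig:::1:%016X:1500001000::::[User ID not found]:10x::" % n
       for n in range(6000)]
) + "\n"

SPAM_THRESHOLD = 5000  # assumed: clean keys show at most a few thousand sigs

def count_signatures(colon_output):
    """Return {keyid: {"uid": first uid, "self": n, "third_party": n}},
    counting only certifications on user IDs, not subkey binding signatures."""
    stats, key, in_uid = {}, None, False
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":                      # field 5: long key ID
            key = f[4]
            stats[key] = {"uid": "", "self": 0, "third_party": 0}
            in_uid = False
        elif f[0] == "uid" and key:            # field 10: user ID string
            in_uid = True
            stats[key]["uid"] = stats[key]["uid"] or f[9]
        elif f[0] in ("sub", "ssb"):           # sigs after this bind a subkey
            in_uid = False
        elif f[0] == "sig" and key and in_uid:  # field 5: signer's key ID
            stats[key]["self" if f[4] == key else "third_party"] += 1
    return stats

def suspicious_keys(stats, threshold=SPAM_THRESHOLD):
    """Key IDs whose third-party certification count exceeds the threshold."""
    return sorted(k for k, s in stats.items() if s["third_party"] > threshold)

if __name__ == "__main__":
    stats = count_signatures(SAMPLE)
    for k, s in sorted(stats.items(), key=lambda kv: -kv[1]["third_party"]):
        print("%s: %d self, %d third-party (%s)" % (k, s["self"], s["third_party"], s["uid"]))
    print("flooded:", suspicious_keys(stats))
```

To run it against a real keyring, feed the output of `gpg2 --with-colons --list-keys --with-sig-list` into `count_signatures` instead of `SAMPLE`.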