GPG slows git commit

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

GPG slows git commit

GnuPG - User mailing list

GPG slows git commit

I am on macOS 11.2.3, git 2.31.0, and gpg 2.2.27.

I have a private repo with a few python scripts (small). I create an empty text file, git add it, and commit it. I sign commits using GPG.

This process takes 4.64 seconds. Without gpg signing, it takes <1 sec.

Trace output is at https://gist.github.com/erikr/cf7b45d5382de0a5164a35aa08747d4b.

Expected
git commit is lightning fast, and gpg signing does not slow down git commit

Additional info
Any input would be much appreciated. I am also a beginner with GPG and git, so thanks for your patience in advance.

I posted this in the GPGTools support forum, but was told to ask this mailing list instead.

-Erik




_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

carbon.png (276K) Download Attachment
2021-03-20_14-05_DebugInfo.gpg (13K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: GPG slows git commit

Ingo Klöcker
On Donnerstag, 25. März 2021 13:20:47 CET Erik Reinertsen wrote:
> I have a private repo with a few python scripts (small). I create an empty
> text file, git add it, and commit it. I sign commits using GPG.
>
> This process takes 4.64 seconds. Without gpg signing, it takes <1 sec.
>
> Expected
> git commit is lightning fast, and gpg signing does not slow down git commit

That's an unreasonable expectation. gpg signing will take some time. It will
slow down git commit. But, of course, it shouldn't take multiple seconds.

> Additional info
> Any input would be much appreciated. I am also a beginner with GPG and git,
> so thanks for your patience in advance.

First let's have a look at your key. Please run
gpg --list-secret-keys
and paste the output for your signing key into your reply.

Moreover, let's time gpg signing without git. Run
echo Hello | time gpg --clearsign

Additionally, let's check which version of gpg you are using. Run
gpg --version

Regards,
Ingo

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: GPG slows git commit

GnuPG - User mailing list
Ingo, I greatly appreciate your assistance.

>> Additional info
>> Any input would be much appreciated. I am also a beginner with GPG and git,
>> so thanks for your patience in advance.
>
> First let's have a look at your key. Please run
> gpg --list-secret-keys
> and paste the output for your signing key into your reply.

$ gpg --list-secret-keys
/Users/erik/.gnupg/pubring.kbx
------------------------------
sec   rsa4096 2021-02-08 [SC] [expires: 2021-04-09]
      581F6A88B3F58A4E94A26040153F263741C51DC1
uid           [ultimate] Erik Reinertsen <[hidden email]>
ssb   rsa4096 2021-02-08 [E] [expires: 2021-04-09]

> Moreover, let's time gpg signing without git. Run
> echo Hello | time gpg --clearsign

gpg --clearsign  0.01s user 0.01s system 0% cpu 6.696 total


> Additionally, let's check which version of gpg you are using. Run
> gpg --version

$ gpg --version
gpg (GnuPG) 2.2.27
libgcrypt 1.9.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/erik/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

--
Erik
_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: GPG slows git commit

Ingo Klöcker
On Freitag, 26. März 2021 15:16:15 CET Erik Reinertsen via Gnupg-users wrote:
> > Moreover, let's time gpg signing without git. Run
> > echo Hello | time gpg --clearsign
>
> gpg --clearsign  0.01s user 0.01s system 0% cpu 6.696 total

I'm not sure that I understand the result. (The time command on my system has
a different output format.) Does the "6.696 total" mean that clearsigning took
almost 7 seconds? gpg didn't ask you for your passphrase, right?

Try putting
  log-file /somewhere/gpg.log
  verbose
  debug ipc,lookup
into ~/.gnupg/gpg.conf

Then make a signed test commit and check the log file.

Regards,
Ingo

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: GPG slows git commit

GnuPG - User mailing list
Ingo,

Thank you for the response.

If I run the same command again, I am prompted to enter my passphrase. Subsequently, I get:


gpg: using "581F6A88B3F58A4E94A26040153F263741C51DC1" as default secret key for signing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIzBAEBCAAdFiEEWB9qiLP1ik6UomBAFT8mN0HFHcEFAmBsjzEACgkQFT8mN0H
...

=JcnT
-----END PGP SIGNATURE-----
gpg --clearsign  0.01s user 0.02s system 0% cpu 7.230 total

Note I am on macOS 11.2.3 and zsh 5.8.

Regarding your other suggestions, I don't have a command called "log-file". Is the full suggested syntax "log-file /somewhere/gpg.log"?

Sorry if I'm missing obvious things here.

Erik

> On Mar 27, 2021, at 5:01 PM, Ingo Klöcker <[hidden email]> wrote:
>
> On Freitag, 26. März 2021 15:16:15 CET Erik Reinertsen via Gnupg-users wrote:
>>> Moreover, let's time gpg signing without git. Run
>>> echo Hello | time gpg --clearsign
>>
>> gpg --clearsign  0.01s user 0.01s system 0% cpu 6.696 total
>
> I'm not sure that I understand the result. (The time command on my system has
> a different output format.) Does the "6.696 total" mean that clearsigning took
> almost 7 seconds? gpg didn't ask you for your passphrase, right?
>
> Try putting
>  log-file /somewhere/gpg.log
>  verbose
>  debug ipc,lookup
> into ~/.gnupg/gpg.conf
>
> Then make a signed test commit and check the log file.
>
> Regards,
> Ingo
> _______________________________________________
> Gnupg-users mailing list
> [hidden email]
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users