If Enigmail worked correctly until recently and all of a sudden, it looks like Enigmail wouldn't initialize anymore, does not decrypt any messages anymore or is otherwise extremely slow, then it's likely that you got a key on your keyring that is spoiled with 100.000s of useless signatures (also known as DOS attack on SKS keyservers).
Here is how to resolve this issue:
Step 1
Find out any poisoned keys. The following script is for Linux/macOS/Unix:
To clean a key from the unusable signatures, type the following command, replacing KEYIDwith the keyid of the poisoned key. Repeat this for all affected keys :
gpg --edit-key KEYID clean save
This can take up to 60 minutes on a reasonably fast notebook.
Step 3
After the clean-up of all keys, pick the top key and execute:
gpg --edit-key KEYID check clean save
This should now be pretty quick. Enigmail should be responsive again after this.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I just tried that script on my Arch Linux laptop. I only have GnuPG 2.2 installed, keys are converted to the new keyDB format. Thus I don't have a pubring.gpg so the script yields
script: line 1: /home/olav/.gnupg/pubring.gpg: file not found
1 unset
Last edit: Olav Seyfarth 2019-07-27
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Correct, But if you have a new keyDB database, you won't see the symptoms I described. In this case, you will only experience very slow performance if youdirectly access one of the keys affected. Loading the keylist etc. (which is the cause for the symptoms I described) will be OK.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If Enigmail worked correctly until recently and all of a sudden, it looks like Enigmail wouldn't initialize anymore, does not decrypt any messages anymore or is otherwise extremely slow, then it's likely that you got a key on your keyring that is spoiled with 100.000s of useless signatures (also known as DOS attack on SKS keyservers).
Here is how to resolve this issue:
Step 1
Find out any poisoned keys. The following script is for Linux/macOS/Unix:
The biggest keys ones are probably the poisoned. There should be no lines with values greater than 10.000. Let's assume your list starts like this:
Then you should repair the top 3 keys.
Step 2
To clean a key from the unusable signatures, type the following command, replacing
KEYID
with the keyid of the poisoned key. Repeat this for all affected keys :This can take up to 60 minutes on a reasonably fast notebook.
Step 3
After the clean-up of all keys, pick the top key and execute:
This should now be pretty quick. Enigmail should be responsive again after this.
I just tried that script on my Arch Linux laptop. I only have GnuPG 2.2 installed, keys are converted to the new keyDB format. Thus I don't have a pubring.gpg so the script yields
Last edit: Olav Seyfarth 2019-07-27
Correct, But if you have a new keyDB database, you won't see the symptoms I described. In this case, you will only experience very slow performance if youdirectly access one of the keys affected. Loading the keylist etc. (which is the cause for the symptoms I described) will be OK.