[pkg-gnupg-maint] Bug#909693: gpgsm: seems to be dead slow when verifying pkcs7-signatures from within Sylpheed

[Francesco Poli (wintermute)]

Package: gpgsm
Version: 2.2.10-1
Severity: important

Hello!

I installed the gpgsm package, in order to verify pkcs7-signatures
in e-mail messages from within Sylpheed.

The combination seems to work, as it is actually able to verify
a signature, as in:

[application/pkcs7-signature (Valid signature (untrusted key))]
Signature made at $DATE
Valid signature but the key for "CN=$CN,O=$O,L=$L,ST=$ST,C=$C" is not trusted
  aka "<e-mail-address at example.com>"

The problem is: it has always been dead slow in doing so.
And it still is.
I cannot understand why.

While verifying an OpenPGP signature with gpg is definitely fast,
verifying a pkcs7-signature with gpgsm is super slow.
And it is slow again *each and every* time I verify the signature
on the same message.
And it blocks Sylpheed during the wait.


Is there anything I should have configured in order to speed up
gpgsm?
I did search the man page, but nothing looks appropriate to me
(probably out of ignorance!).

Could you please help me?
Thanks for your time and patience.
Bye.


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (800, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gpgsm depends on:
ii  gpgconf        2.2.10-1
ii  libassuan0     2.5.1-2
ii  libc6          2.27-6
ii  libgcrypt20    1.8.3-1
ii  libgpg-error0  1.32-1
ii  libksba8       1.3.5-2
ii  libreadline7   7.0-5

Versions of packages gpgsm recommends:
ii  gnupg  2.2.10-1

gpgsm suggests no packages.

-- no debconf information