aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohannes Löthberg <johannes@kyriasis.com>2016-10-05 11:19:05 +0200
committerJohannes Löthberg <johannes@kyriasis.com>2017-06-01 18:37:35 +0200
commit94b77a584d69fa69e833d7a96eebbb5b745620ce (patch)
tree32e1795225e26cbcfbd4f2127e8b7543409dee26
parent151387c3f2815e60d53d569f3a0b7005898bf7c5 (diff)
downloaddotfiles-94b77a584d69fa69e833d7a96eebbb5b745620ce.tar.xz
gnupg: Bump
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
-rw-r--r--gnupg/gpg-agent.conf4
-rw-r--r--gnupg/gpg.conf28
2 files changed, 18 insertions, 14 deletions
diff --git a/gnupg/gpg-agent.conf b/gnupg/gpg-agent.conf
index 55a4b3d..b130098 100644
--- a/gnupg/gpg-agent.conf
+++ b/gnupg/gpg-agent.conf
@@ -9,5 +9,5 @@ max-cache-ttl 3000
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.
-#pinentry-program /usr/bin/pinentry-qt4
-pinentry-program /usr/bin/pinentry-curses
+pinentry-program /usr/bin/pinentry-qt
+#pinentry-program /usr/bin/pinentry-gtk-2
diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
index 282f4e8..6aa561f 100644
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf
@@ -1,24 +1,25 @@
+default-key 5134EF9EAF65F95B6BB1608E50FB9B273A9D0BB5
+
+# always encrypt things to my own key as well
+# Fails with .10 if this is a fingerprint?
+encrypt-to 0x50FB9B273A9D0BB5
+
+# Use ASCII armored output instead of binary OpenPGP format.
armor
+
use-agent
utf8-strings
charset utf-8
display-charset utf-8
homedir ~/.config/gnupg
-default-key 0x50FB9B273A9D0BB5
-keyserver hkp://pool.sks-keyservers.net
+keyserver hkps://hkps.pool.sks-keyservers.net
-# don't honor the keyserver url a key specifies;
-# always use sks-keyservers.net over https
-keyserver-options no-honor-keyserver-url
+keyserver-options auto-key-retrieve no-honor-keyserver-url honor-pka-record include-subkeys
-# use the local keyring, DNS, and keyservers to auto-locate keys
-auto-key-locate local,cert,pka,keyserver
-keyserver-options honor-pka-record,auto-key-retrieve
-verify-options show-keyserver-urls,pka-lookups
+auto-key-locate dane pka cert keyserver
-# always encrypt things to my own key, too.
-encrypt-to 3A9D0BB5
+verify-options show-notations show-keyserver-urls pka-lookups pka-trust-increase
# when outputting certificates, view user IDs distinctly from keys:
fixed-list-mode
@@ -31,7 +32,7 @@ with-fingerprint
# when multiple digests are supported by all recipients, choose the strongest one:
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
-# preferences chosen for new keys should prioritize stronger algorithms:
+# preferences chosen for new keys should prioritize stronger algorithms:
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
# You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring:
@@ -43,3 +44,6 @@ cert-digest-algo SHA512
# don't include the gpg version in the ASCII armored output
no-emit-version
+
+sig-notation pka-address@gnupg.org=johannes@kyriasis.com
+sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g