author | Johannes Löthberg <johannes@kyriasis.com> | 2014-09-24 10:05:23 +0200 |
---|---|---|
committer | Johannes Löthberg <johannes@kyriasis.com> | 2014-09-24 10:05:23 +0200 |
commit | cc00f50be9fd7250fce9336a38b4fb9479dab746 (patch) | |
tree | 7894d93c18bac572e0f287971f3027931b24dd42 /gnupg | |
parent | f14a9d214f3a3873a41c0c1229f89c3460103e93 (diff) | |
download | dotfiles-cc00f50be9fd7250fce9336a38b4fb9479dab746.tar.xz |
Restructure gpg.conf
Diffstat (limited to 'gnupg')
-rw-r--r-- | gnupg/gpg.conf | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
index 015c0c3..b7c1e33 100644
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf
@@ -1,35 +1,44 @@ - -###+++--- GPGConf ---+++### +armor +use-agent utf8-strings +charset utf-8 +display-charset utf-8 +homedir ~/.config/gnupg +list-options show-photos + +# use sks-keyservers.net over https keyserver hkps.pool.sks-keyservers.net keyserver-options ca-cert-file=~/.config/gnupg/sks-keyservers.netCA.pem + +# don't honor the keyserver url a key specifies; +# always use sks-keyservers.net over https keyserver-options no-honor-keyserver-url + +# use the local keyring, DNS, and keyservers to auto-locate keys auto-key-locate local,cert,pka,keyserver keyserver-options honor-pka-record,auto-key-retrieve verify-options show-keyserver-urls,pka-lookups -###+++--- GPGConf ---+++### Tue 14 Jan 2014 09:55:23 AM CET -# GPGConf edited this configuration file. -# It will disable options before this marked block, but it will -# never change anything below these lines. -default-key 3A9D0BB5 -homedir ~/.config/gnupg -display-charset utf-8 -armor -use-agent + +# always encrypt things to my own key, too. 
encrypt-to 3A9D0BB5 -personal-digest-preferences SHA512 # when outputting certificates, view user IDs distinctly from keys: fixed-list-mode -# short-keyids are trivially spoofed; it's easy to create a long-keyid collision; if you care about strong key identifiers, you always want to see the fingerprint: + +# short-keyids are trivially spoofed; it's easy to create a long-keyid collision; +# if you care about strong key identifiers, you always want to see the fingerprint: keyid-format 0xlong with-fingerprint + # when multiple digests are supported by all recipients, choose the strongest one: personal-digest-preferences SHA512 SHA384 SHA256 SHA224 + # preferences chosen for new keys should prioritize stronger algorithms: default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed + # You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring: verify-options show-uid-validity list-options show-uid-validity + # when making an OpenPGP certification, use a stronger digest than the default SHA1: cert-digest-algo SHA512 |
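Review bot: `encrypt-to 3A9D0BB5` still names the key by its 8-hex-digit short ID, although the comment added a few lines further down in this same hunk says short key IDs are trivially spoofed. If another key with the same short ID ever ends up in the keyring (more plausible here because `auto-key-locate` and `auto-key-retrieve` import keys without prompting), gpg may resolve the ID ambiguously or to the wrong key, so the line should carry the full fingerprint: `encrypt-to <FULL-40-HEX-FINGERPRINT-OF-OWN-KEY>`. The hunk also removes `default-key 3A9D0BB5` without a replacement; if that is deliberate, a one-line comment saying which key signs by default would help, otherwise restore it with the full fingerprint too. The new comment above `auto-key-locate` could additionally note that `auto-key-retrieve` lets the keyserver see which signatures are being verified, and that `pka`/`cert` lookups are only as trustworthy as the DNS answers they rely on.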