diff options
-rw-r--r-- | gnupg/gpg-agent.conf | 4 | ||||
-rw-r--r-- | gnupg/gpg.conf | 28 |
2 files changed, 18 insertions, 14 deletions
diff --git a/gnupg/gpg-agent.conf b/gnupg/gpg-agent.conf index 55a4b3d..b130098 100644 --- a/gnupg/gpg-agent.conf +++ b/gnupg/gpg-agent.conf @@ -9,5 +9,5 @@ max-cache-ttl 3000 # GPGConf edited this configuration file. # It will disable options before this marked block, but it will # never change anything below these lines. -#pinentry-program /usr/bin/pinentry-qt4 -pinentry-program /usr/bin/pinentry-curses +pinentry-program /usr/bin/pinentry-qt +#pinentry-program /usr/bin/pinentry-gtk-2 diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf index 282f4e8..6aa561f 100644 --- a/gnupg/gpg.conf +++ b/gnupg/gpg.conf @@ -1,24 +1,25 @@ +default-key 5134EF9EAF65F95B6BB1608E50FB9B273A9D0BB5 + +# always encrypt things to my own key as well +# Fails with .10 if this is a fingerprint? +encrypt-to 0x50FB9B273A9D0BB5 + +# Use ASCII armored output instead of binary OpenPGP format. armor + use-agent utf8-strings charset utf-8 display-charset utf-8 homedir ~/.config/gnupg -default-key 0x50FB9B273A9D0BB5 -keyserver hkp://pool.sks-keyservers.net +keyserver hkps://hkps.pool.sks-keyservers.net -# don't honor the keyserver url a key specifies; -# always use sks-keyservers.net over https -keyserver-options no-honor-keyserver-url +keyserver-options auto-key-retrieve no-honor-keyserver-url honor-pka-record include-subkeys -# use the local keyring, DNS, and keyservers to auto-locate keys -auto-key-locate local,cert,pka,keyserver -keyserver-options honor-pka-record,auto-key-retrieve -verify-options show-keyserver-urls,pka-lookups +auto-key-locate dane pka cert keyserver -# always encrypt things to my own key, too. -encrypt-to 3A9D0BB5 +verify-options show-notations show-keyserver-urls pka-lookups pka-trust-increase # when outputting certificates, view user IDs distinctly from keys: fixed-list-mode @@ -31,7 +32,7 @@ with-fingerprint # when multiple digests are supported by all recipients, choose the strongest one: personal-digest-preferences SHA512 SHA384 SHA256 SHA224 -# preferences chosen for new keys should prioritize stronger algorithms: +# preferences chosen for new keys should prioritize stronger algorithms: default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed # You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring: @@ -43,3 +44,6 @@ cert-digest-algo SHA512 # don't include the gpg version in the ASCII armored output no-emit-version + +sig-notation pka-address@gnupg.org=johannes@kyriasis.com +sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g |