From cc00f50be9fd7250fce9336a38b4fb9479dab746 Mon Sep 17 00:00:00 2001 From: Johannes Löthberg Date: Wed, 24 Sep 2014 10:05:23 +0200 Subject: Restructure gpg.conf --- gnupg/gpg.conf | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) (limited to 'gnupg') diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf index 015c0c3..b7c1e33 100644 --- a/gnupg/gpg.conf +++ b/gnupg/gpg.conf @@ -1,35 +1,44 @@ - -###+++--- GPGConf ---+++### +armor +use-agent utf8-strings +charset utf-8 +display-charset utf-8 +homedir ~/.config/gnupg +list-options show-photos + +# use sks-keyservers.net over https keyserver hkps.pool.sks-keyservers.net keyserver-options ca-cert-file=~/.config/gnupg/sks-keyservers.netCA.pem + +# don't honor the keyserver url a key specifies; +# always use sks-keyservers.net over https keyserver-options no-honor-keyserver-url + +# use the local keyring, DNS, and keyservers to auto-locate keys auto-key-locate local,cert,pka,keyserver keyserver-options honor-pka-record,auto-key-retrieve verify-options show-keyserver-urls,pka-lookups -###+++--- GPGConf ---+++### Tue 14 Jan 2014 09:55:23 AM CET -# GPGConf edited this configuration file. -# It will disable options before this marked block, but it will -# never change anything below these lines. -default-key 3A9D0BB5 -homedir ~/.config/gnupg -display-charset utf-8 -armor -use-agent + +# always encrypt things to my own key, too. encrypt-to 3A9D0BB5 -personal-digest-preferences SHA512 # when outputting certificates, view user IDs distinctly from keys: fixed-list-mode -# short-keyids are trivially spoofed; it's easy to create a long-keyid collision; if you care about strong key identifiers, you always want to see the fingerprint: + +# short-keyids are trivially spoofed; it's easy to create a long-keyid collision; +# if you care about strong key identifiers, you always want to see the fingerprint: keyid-format 0xlong with-fingerprint + # when multiple digests are supported by all recipients, choose the strongest one: personal-digest-preferences SHA512 SHA384 SHA256 SHA224 + # preferences chosen for new keys should prioritize stronger algorithms: default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed + # You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring: verify-options show-uid-validity list-options show-uid-validity + # when making an OpenPGP certification, use a stronger digest than the default SHA1: cert-digest-algo SHA512 -- cgit v1.2.3-54-g00ecf