# Configuration file for GnuPG.
#
# Thanks to [1] for some hints to generate stronger keys (read on 2013-04-04).
#
# [1]: https://we.riseup.net/riseuplabs+paow/openpgp-best-practices

# Copyright (C) 2009-2013  Simon Ruderich
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This file is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.


# DISPLAY

# Suppress the copyright notice on startup.
no-greeting

# Show long key IDs; the short ones have collisions. A long ID is still only
# a lookup handle: compare the full fingerprint before trusting a key.
keyid-format 0xlong

# Print the validity of each UID when listing keys and when verifying
# signatures.
list-options show-uid-validity
verify-options show-uid-validity


# KEY GENERATION

# Stronger algorithm preferences. They are not enforced: the entries are tried
# in the given order and the first one supported by all recipients is used.
#
# Ciphers for encryption. CAST5 has a 64-bit block size and is listed last, so
# it is only picked when the recipients do not all support an AES variant.
personal-cipher-preferences AES256 AES192 AES CAST5
# Hashes, strongest first. Insecure hashes like SHA1 or MD5 are left out.
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
# Compression methods, better ones first.
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed

# Preferences stored in newly generated keys: the three lists above combined,
# so that new keys advertise the stronger algorithms.
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed

# Hash used when signing keys, which includes self-certificates. This is
# independent of the preference lists above and must be set explicitly or SHA1
# will be used! Thanks to [1].
cert-digest-algo SHA512


# KEY PROTECTION

# How passphrases for private keys and symmetric encryption are mangled: the
# hash function (s2k-digest-algo) is applied to the salted passphrase
# s2k-count times. Mode 3 is the default; it is set explicitly here.
#
# NOTE(review): in GnuPG 2.1 and later private keys are protected by gpg-agent,
# and the gpg manual describes the s2k-* options as applying to symmetric
# encryption only. Confirm against the installed version before relying on
# them for private-key protection.
s2k-mode 3
# Raised iteration count. Takes ~0.5 seconds on my machine.
s2k-count 3538944
# SHA-512 as the hash function. Takes a little longer than SHA-1, which is the
# default.
s2k-digest-algo SHA512


# KEYSERVERS

# Keyserver to use.
#
# NOTE(review): hkp:// is unencrypted HTTP, so key lookups are visible to, and
# can be altered by, anyone on the network path; hkps:// is the TLS variant.
# The sks-keyservers.net pool has since been shut down, so this entry needs to
# be replaced with a maintained keyserver. Either way a keyserver does not
# authenticate keys: verify the fingerprint of anything fetched from it.
keyserver hkp://pool.sks-keyservers.net
# Ignore the preferred keyserver stored in a key and always use our keyserver
# pool instead. This way a key cannot direct us to a broken keyserver like
# pgp.mit.edu.
keyserver-options no-honor-keyserver-url

# vim: ft=gpg