# Configuration file for GnuPG. # # Thanks to [1] for some hints to generate more secure keys (read on # 2013-04-04). # # [1]: https://we.riseup.net/riseuplabs+paow/openpgp-best-practices # Copyright (C) 2009-2013 Simon Ruderich # # This file is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This file is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this file. If not, see . # DISPLAY # Don't display the copyright notice. no-greeting # Use long keyids because the short ones have collisions. keyid-format 0xlong # KEY GENERATION # Use more secure preferences. These are not enforced, but tried in the given # order and the first supported by all recipients is used. # # Ciphers for encryption. personal-cipher-preferences AES256 AES192 AES CAST5 # Don't use insecure hashes like SHA1 or MD5 and prefer stronger hashes. personal-digest-preferences SHA512 SHA384 SHA256 SHA224 # Prefer better compression methods. personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed # Default preferences when generating a new key. Use the three settings above # combined to create more secure keys. default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed # Don't use SHA1 when signing keys, this includes self-certificates. This # setting is separate from the settings above and needs to be explicitly set # or SHA1 will be used! Thanks to [1]. cert-digest-algo SHA512 # KEYSERVERS # Use the given keyserver. keyserver hkp://pool.sks-keyservers.net # MY KEYS # Use my newest key as default key. default-key 0x92FEFDB7E44C32F9 # vim: ft=gpg