]> ruderich.org/simon Gitweb - config/dotfiles.git/blobdiff - gnupg/gpg.conf
ruderich.org/simon / config / dotfiles.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
gnupg/gpg.conf: Ignore keyserver preferences on public keys.
[config/dotfiles.git] / gnupg / gpg.conf
diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
index 5697d171b89b7e09d5b3fc5e219eda9395ee0389..2cbec146950ffaa25a7bad98e7af1159f8e2abe2 100644 (file)
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf
@@ -51,11 +51,28 @@ default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP
 cert-digest-algo SHA512
 
 
+# KEY PROTECTION
+
+# Mangle passphrases for private keys and symmetric encryption by applying a
+# hash function (s2k-digest-algo) with a salt s2k-count times (default).
+s2k-mode 3
+# Increase count. Takes ~0.5 seconds on my machine.
+s2k-count 3538944
+# Use SHA-512 as hash function. Takes a little longer than SHA-1, which is the
+# default.
+s2k-digest-algo SHA512
+
+
 # KEYSERVERS
 
 # Use the given keyserver.
 keyserver hkp://pool.sks-keyservers.net
 
+# Don't use the preferred keyserver of the key, but our keyserver pool
+# instead. This way we won't use any broken keyservers like pgp.mit.edu
+# specified by the key.
+keyserver-options no-honor-keyserver-url
+
 
 # MY KEYS
 
Configuration files for zsh, vim, git, mutt, herbstluftwm and a few more shell and X11 related programs