X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=mail%2Fgnupg%2Fgpg.conf;fp=mail%2Fgnupg%2Fgpg.conf;h=2cbec146950ffaa25a7bad98e7af1159f8e2abe2;hb=214dc48c13fb068452efcb832809bddf6c5601a5;hp=0000000000000000000000000000000000000000;hpb=7944bc5ce0d42f27738cc087ece4edbba02d0747;p=config%2Fdotfiles.git
diff --git a/mail/gnupg/gpg.conf b/mail/gnupg/gpg.conf
new file mode 100644
index 0000000..2cbec14
--- /dev/null
+++ b/mail/gnupg/gpg.conf
@@ -0,0 +1,82 @@
+# Configuration file for GnuPG.
+#
+# Thanks to [1] for some hints to generate stronger keys (read on 2013-04-04).
+#
+# [1]: https://we.riseup.net/riseuplabs+paow/openpgp-best-practices
+
+# Copyright (C) 2009-2013 Simon Ruderich
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see .
+
+
+# DISPLAY
+
+# Don't display the copyright notice.
+no-greeting
+
+# Use long keyids because the short ones have collisions.
+keyid-format 0xlong
+
+
+# KEY GENERATION
+
+# Use stronger preferences. These are not enforced, but tried in the given
+# order and the first supported by all recipients is used.
+#
+# Ciphers for encryption.
+personal-cipher-preferences AES256 AES192 AES CAST5
+# Don't use insecure hashes like SHA1 or MD5 and prefer stronger hashes.
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+# Prefer better compression methods.
+personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
+
+# Default preferences when generating a new key. Use the three settings above
+# combined to create stronger keys.
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
+
+# Don't use SHA1 when signing keys, this includes self-certificates. This
+# setting is separate from the settings above and needs to be explicitly set
+# or SHA1 will be used! Thanks to [1].
+cert-digest-algo SHA512
+
+
+# KEY PROTECTION
+
+# Mangle passphrases for private keys and symmetric encryption by applying a
+# hash function (s2k-digest-algo) with a salt s2k-count times (default).
+s2k-mode 3
+# Increase count. Takes ~0.5 seconds on my machine.
+s2k-count 3538944
+# Use SHA-512 as hash function. Takes a little longer than SHA-1, which is the
+# default.
+s2k-digest-algo SHA512
+
+
+# KEYSERVERS
+
+# Use the given keyserver.
+keyserver hkp://pool.sks-keyservers.net
+
+# Don't use the preferred keyserver of the key, but our keyserver pool
+# instead. This way we won't use any broken keyservers like pgp.mit.edu
+# specified by the key.
+keyserver-options no-honor-keyserver-url
+
+
+# MY KEYS
+
+# Use my newest key as default key.
+default-key 0x92FEFDB7E44C32F9
+
+# vim: ft=gpg
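Review bot: The `keyserver hkp://pool.sks-keyservers.net` line in the KEYSERVERS section uses plain HKP, so every key search, fetch and refresh crosses the network without transport encryption or server authentication. A network observer can see which key IDs are requested, which in practice reveals who the user corresponds with, and responses to searches can be altered in transit. I would switch the scheme to HKPS, `keyserver hkps://<keyserver-host>`, with that server's CA certificate configured, and change the comment to `# Use the given keyserver over TLS so key lookups are not readable on the wire.` Separately, `keyid-format 0xlong` and `default-key 0x92FEFDB7E44C32F9` rely on 64-bit key IDs, which are harder to collide than short IDs but do not replace the full fingerprint; giving `default-key` the full fingerprint would remove that ambiguity.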