X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;ds=sidebyside;f=gnupg%2Fgpg.conf;h=2cbec146950ffaa25a7bad98e7af1159f8e2abe2;hb=2e82ecff94dbd9d9b2374768721f3c43b69ee726;hp=8c115f75c067fcdc8ebd3e36ce8c233cd3233a68;hpb=cf7c3fc7c0313a23729011395445f8af15db0fed;p=config%2Fdotfiles.git diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf index 8c115f7..2cbec14 100644 --- a/gnupg/gpg.conf +++ b/gnupg/gpg.conf @@ -1,11 +1,10 @@ # Configuration file for GnuPG. # -# Thanks to [1] for some hints to generate more secure keys (read on -# 2013-04-04). +# Thanks to [1] for some hints to generate stronger keys (read on 2013-04-04). # # [1]: https://we.riseup.net/riseuplabs+paow/openpgp-best-practices -# Copyright (C) 2009-2012 Simon Ruderich +# Copyright (C) 2009-2013 Simon Ruderich # # This file is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -26,10 +25,13 @@ # Don't display the copyright notice. no-greeting +# Use long keyids because the short ones have collisions. +keyid-format 0xlong + # KEY GENERATION -# Use more secure preferences. These are not enforced, but tried in the given +# Use stronger preferences. These are not enforced, but tried in the given # order and the first supported by all recipients is used. # # Ciphers for encryption. @@ -40,7 +42,7 @@ personal-digest-preferences SHA512 SHA384 SHA256 SHA224 personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed # Default preferences when generating a new key. Use the three settings above -# combined to create more secure keys. +# combined to create stronger keys. default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed # Don't use SHA1 when signing keys, this includes self-certificates. This 
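Review bot: In the hunk that adds `keyid-format 0xlong`, the new comment can be read as saying long key IDs are free of collisions, but a 64-bit ID is still only a truncated fingerprint and should not be relied on to identify a key. I would reword it to `# Use long keyids; the short ones collide easily. Still verify the full fingerprint.` and add `with-fingerprint` below it so listings show the value that actually has to be checked. The same concern applies to `default-key` in the last hunk, which is more robust as the full fingerprint than as a 64-bit ID.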
@@ -49,15 +51,32 @@ default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP cert-digest-algo SHA512 +# KEY PROTECTION + +# Mangle passphrases for private keys and symmetric encryption by applying a +# hash function (s2k-digest-algo) with a salt s2k-count times (default). +s2k-mode 3 +# Increase count. Takes ~0.5 seconds on my machine. +s2k-count 3538944 +# Use SHA-512 as hash function. Takes a little longer than SHA-1, which is the +# default. +s2k-digest-algo SHA512 + + # KEYSERVERS # Use the given keyserver. keyserver hkp://pool.sks-keyservers.net +# Don't use the preferred keyserver of the key, but our keyserver pool +# instead. This way we won't use any broken keyservers like pgp.mit.edu +# specified by the key. +keyserver-options no-honor-keyserver-url + # MY KEYS # Use my newest key as default key. -default-key 0xE44C32F9 +default-key 0x92FEFDB7E44C32F9 # vim: ft=gpg
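Review bot: The new KEY PROTECTION block sets the S2K mode, count and digest but leaves the cipher at its default, which in GnuPG releases of this period is, as far as I recall, CAST5 for passphrase-protected data. Adding `s2k-cipher-algo AES256` would bring it in line with the cipher preferences set earlier in the file. The wording `s2k-count times (default)` is ambiguous about what is the default; `# Mode 3 (iterated and salted) is already the default, set here explicitly.` says what seems to be meant. On GnuPG 2.1 and later, private keys are protected by gpg-agent, so these options probably affect only symmetric encryption there, and a one-line comment saying so would avoid a false sense of protection. The `keyserver` line kept as context still uses plain `hkp://`, so lookups travel unencrypted; that deserves a comment or a move to an hkps endpoint.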