X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=gnupg%2Fgpg.conf;h=2cbec146950ffaa25a7bad98e7af1159f8e2abe2;hb=bf502c718806d7711c584078648803affa67e127;hp=5697d171b89b7e09d5b3fc5e219eda9395ee0389;hpb=24ae9a560857f589323d837416bec064657c57ca;p=config%2Fdotfiles.git

diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
index 5697d17..2cbec14 100644
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf
@@ -51,11 +51,28 @@ default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP
 cert-digest-algo SHA512
 
 
+# KEY PROTECTION
+
+# Mangle passphrases for private keys and symmetric encryption by applying a
+# hash function (s2k-digest-algo) with a salt s2k-count times (default).
+s2k-mode 3
+# Increase count. Takes ~0.5 seconds on my machine.
+s2k-count 3538944
+# Use SHA-512 as hash function. Takes a little longer than SHA-1, which is the
+# default.
+s2k-digest-algo SHA512
+
+
 # KEYSERVERS
 
 # Use the given keyserver.
 keyserver hkp://pool.sks-keyservers.net
 
+# Don't use the preferred keyserver of the key, but our keyserver pool
+# instead. This way we won't use any broken keyservers like pgp.mit.edu
+# specified by the key.
+keyserver-options no-honor-keyserver-url
+
 
 # MY KEYS