From: Simon Ruderich <simon@ruderich.org>
Date: Wed, 23 Oct 2013 22:52:54 +0000 (+0200)
Subject: gnupg/gpg.conf: Use key stretching for private keys.
X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=a89f2a4e3eee21f740fcf573163c4a16666ffca0;p=config%2Fdotfiles.git

gnupg/gpg.conf: Use key stretching for private keys.
---

diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
index 5697d17..57839cc 100644
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf
@@ -51,6 +51,18 @@ default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP
 cert-digest-algo SHA512
 
 
+# KEY PROTECTION
+
+# Mangle passphrases for private keys and symmetric encryption by applying a
+# hash function (s2k-digest-algo) with a salt s2k-count times (default).
+s2k-mode 3
+# Increase count. Takes ~0.5 seconds on my machine.
+s2k-count 3538944
+# Use SHA-512 as hash function. Takes a little longer than SHA-1, which is the
+# default.
+s2k-digest-algo SHA512
+
+
 # KEYSERVERS
 
 # Use the given keyserver.