Diffstat (limited to '.gnupg')
-rw-r--r--.gnupg/gpg-agent.conf4
-rw-r--r--.gnupg/gpg.conf20
2 files changed, 17 insertions, 7 deletions
diff --git a/.gnupg/gpg-agent.conf b/.gnupg/gpg-agent.conf
index ca503bd..35d2924 100644
--- a/.gnupg/gpg-agent.conf
+++ b/.gnupg/gpg-agent.conf
@@ -15,7 +15,7 @@ pinentry-program /usr/bin/pinentry-gtk-2
no-grab
-# default timeout of the passphrase (10 minutes)
-default-cache-ttl 600
+# default timeout of the passphrase (60 minutes)
+default-cache-ttl 3600
# vim: set ts=8 sw=4 tw=0 fenc=utf-8 ft=gpg: #
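Review bot: Raising `default-cache-ttl` to 3600 leaves the upper bound on passphrase caching unstated. The timer restarts every time the key is used, so the passphrase can stay cached until `max-cache-ttl` expires (gpg-agent's built-in default is 7200 seconds). No `max-cache-ttl` line is visible in this hunk; the rest of the file is outside it, so it may already be set elsewhere. If it is not, pin it next to this setting, e.g. `max-cache-ttl 7200`, and change the comment to say that the 60 minutes count from the last use.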
diff --git a/.gnupg/gpg.conf b/.gnupg/gpg.conf
index 6db3bf6..258c10e 100644
--- a/.gnupg/gpg.conf
+++ b/.gnupg/gpg.conf
@@ -13,7 +13,7 @@
#
# Weitian LI <liweitianux@gmail.com>
# Created: 2014/06/12
-# Updated: 2015/01/19
+# Updated: 2015/08/19
#####################################################################
#-----------------------------
@@ -22,7 +22,7 @@
# The default key to sign with. If this option is not used, the default key is
# the first key found in the secret keyring
-default-key 0xF00D615C9984147B450F56EAF81BF4535F26EBF6
+default-key 0xAC3464FADAAE632186099CA6240E2A635D72729A
#-----------------------------
# behavior
@@ -68,8 +68,8 @@ use-agent
# This is the server that --recv-keys, --send-keys, and --search-keys will
# communicate with to receive keys from, send keys to, and search for keys on
-keyserver hkp://pool.sks-keyservers.net
-#keyserver hkps://hkps.pool.sks-keyservers.net
+#keyserver hkp://pool.sks-keyservers.net
+keyserver hkps://hkps.pool.sks-keyservers.net
# Provide a certificate store to override the system default
# Get this from https://sks-keyservers.net/sks-keyservers.netCA.pem
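Review bot: Switching the active `keyserver` line to `hkps://` only gives an authenticated channel if the pool's CA certificate is actually configured. The trailing context shows only the comment about the certificate store, not the option itself, which lies outside this hunk. On the GnuPG 2.1 series that this commit targets, keyserver access goes through dirmngr, which takes the CA from `hkp-cacert` in `dirmngr.conf` rather than from a `keyserver-options ca-cert-file` entry in gpg.conf. I would add a comment here such as `# GnuPG 2.1+: set the pool CA with hkp-cacert in dirmngr.conf` and confirm that a key lookup succeeds over TLS after the change.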
@@ -83,7 +83,8 @@ keyserver hkp://pool.sks-keyservers.net
# IsolateDestAddr
#keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
# Don't leak DNS, see https://trac.torproject.org/projects/tor/ticket/2846
-keyserver-options no-try-dns-srv
+# XXX: unknown to gnupg 2.1.7
+#keyserver-options no-try-dns-srv
# When using --refresh-keys, if the key in question has a preferred keyserver
# URL, then disable use of that preferred keyserver to refresh the key from
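Review bot: Commenting out `keyserver-options no-try-dns-srv` leaves the "Don't leak DNS" comment above it describing a protection that is no longer active, and the `http-proxy=socks5-hostname` line just before it is commented out as well. The `XXX` note says only that the option is unknown to gnupg 2.1.7, not what that costs. I would reword it to something like `# XXX: rejected by gnupg 2.1.7; DNS SRV lookups for the keyserver are no longer suppressed here`. Since 2.1 performs keyserver lookups in dirmngr, any replacement would presumably have to be configured there.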
@@ -93,6 +94,15 @@ keyserver-options no-honor-keyserver-url
# the keyserver as revoked
keyserver-options include-revoked
+# Automatic retrieve keys from a keyserver when verifying signatures made by
+# keys that are not on the local keyring.
+# NOTE: This option makes a "web bug" like behavior possible.
+# Keyserver operators can see which keys you rquest, so by sending
+# you a message signed by a brand new key (which you naturally will
+# not have on your local keyring), the operator can tell both your
+# IP address and the time when you verified the signature.
+keyserver-options auto-key-retrieve
+
#-----------------------------
# algorithm and ciphers
#-----------------------------
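Review bot: `keyserver-options auto-key-retrieve` is enabled unconditionally even though the NOTE above it describes the tracking risk. In the same commit the proxy line stays commented out and `no-try-dns-srv` is disabled, so as far as the visible lines show, these lookups go straight to the keyserver from the user's own address. I would either leave it off by default (`#keyserver-options auto-key-retrieve`) or extend the NOTE with `# A retrieved key is not validated; a "good signature" from it proves nothing about the signer.` The comment also has two small typos: "Automatic retrieve" should read "Automatically retrieve", and "rquest" should read "request".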