diff options
Diffstat (limited to '_gnupg')
| -rw-r--r-- | _gnupg/dirmngr.conf | 21 | ||||
| -rw-r--r-- | _gnupg/gpg-agent.conf | 21 | ||||
| -rw-r--r-- | _gnupg/gpg.conf | 130 | ||||
| -rw-r--r-- | _gnupg/sks-keyservers.netCA.pem | 32 |
4 files changed, 204 insertions, 0 deletions
diff --git a/_gnupg/dirmngr.conf b/_gnupg/dirmngr.conf new file mode 100644 index 0000000..7696da9 --- /dev/null +++ b/_gnupg/dirmngr.conf @@ -0,0 +1,21 @@ +##################################################################### +# GnuPG configuration file +# +# dirmngr: CRL and OCSP daemon (GnuPG >= 2.1) +# ~/.gnupg/dirmngr.conf +# +# Ref: +# [1] SKS Keyservers: Overview of the pools +# https://sks-keyservers.net/overview-of-pools.php +# +# Weitian LI <liweitianux@gmail.com> +# 2015/01/16 +##################################################################### + +# keyserver hkps://hkps.pool.sks-keyservers.net +# This pool only contains servers available using hkps. +# keyserver-options ca-cert-file' is obsolete! (GnuPG >= 2.1) +# NOTE: cannot use '~' or '$HOME' in path ?? +hkp-cacert /home/aly/dotfiles/.gnupg/sks-keyservers.netCA.pem + +# vim: set ts=8 sw=4 tw=0 fenc=utf-8 ft=gpg: # diff --git a/_gnupg/gpg-agent.conf b/_gnupg/gpg-agent.conf new file mode 100644 index 0000000..35d2924 --- /dev/null +++ b/_gnupg/gpg-agent.conf @@ -0,0 +1,21 @@ +##################################################################### +# GnuPG Agent configuration file +# ~/.gnupg/gpg-agent.conf +# +# Ref: +# Gentoo wiki: GnuPG +# +# Weitian LI <liweitianux@gmail.com> +# 2014/06/12 +##################################################################### + +pinentry-program /usr/bin/pinentry-gtk-2 +#pinentry-program /usr/bin/pinentry-qt4 +#pinentry-program /usr/bin/pinentry-curses + +no-grab + +# default timeout of the passphrase (60 minutes) +default-cache-ttl 3600 + +# vim: set ts=8 sw=4 tw=0 fenc=utf-8 ft=gpg: # diff --git a/_gnupg/gpg.conf b/_gnupg/gpg.conf new file mode 100644 index 0000000..258c10e --- /dev/null +++ b/_gnupg/gpg.conf @@ -0,0 +1,130 @@ +##################################################################### +# GnuPG configuration file +# ~/.gnupg/gpg.conf +# +# Based on Github: ioerror/duraconf's configuration: +# https://github.com/ioerror/duraconf/blob/master/configs/gnupg/gpg.conf +# +# Reference: +# [1] Riseup: OpenPGP Best Practices +# https://help.riseup.net/en/gpg-best-practices +# [2] Secure GnuPG configuration +# http://sparkslinux.wordpress.com/2013/07/09/secure-gnupg-configuration +# +# Weitian LI <liweitianux@gmail.com> +# Created: 2014/06/12 +# Updated: 2015/08/19 +##################################################################### + +#----------------------------- +# default key +#----------------------------- + +# The default key to sign with. If this option is not used, the default key is +# the first key found in the secret keyring +default-key 0xAC3464FADAAE632186099CA6240E2A635D72729A + +#----------------------------- +# behavior +#----------------------------- + +# Uncomment the following option to get rid of the copyright notice +no-greeting + +# create ASCII armored output (default is binary OpenPGP format) +#armor + +# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell +# GnuPG which is the native character set. Please check the man page +# for supported character sets. This character set is only used for +# metadata and not for the actual message which does not undergo any +# translation. Note that future version of GnuPG will change to UTF-8 +# as default character set. +charset utf-8 + +# Disable inclusion of the version string in ASCII armored output +no-emit-version + +# Disable comment string in clear text signatures and ASCII armored messages +no-comments + +# Display long key IDs +keyid-format 0xlong + +# List all keys (or the specified ones) along with their fingerprints +with-fingerprint + +# Display the calculated validity of user IDs during key listings +list-options show-uid-validity +verify-options show-uid-validity + +# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to +# the agent before it asks for a passphrase. +use-agent + +#----------------------------- +# keyserver +#----------------------------- + +# This is the server that --recv-keys, --send-keys, and --search-keys will +# communicate with to receive keys from, send keys to, and search for keys on +#keyserver hkp://pool.sks-keyservers.net +keyserver hkps://hkps.pool.sks-keyservers.net + +# Provide a certificate store to override the system default +# Get this from https://sks-keyservers.net/sks-keyservers.netCA.pem +# option 'ca-cert-file' is obsolete. (GnuPG >= 2.1) +#keyserver-options ca-cert-file=~/dotfiles/.gnupg/sks-keyservers.netCA.pem + +# Set the proxy to use for HTTP and HKP keyservers - default to the standard +# local Tor socks proxy +# It is encouraged to use Tor for improved anonymity. Preferrably use either a +# dedicated SOCKSPort for GnuPG and/or enable IsolateDestPort and +# IsolateDestAddr +#keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050 +# Don't leak DNS, see https://trac.torproject.org/projects/tor/ticket/2846 +# XXX: unknown to gnupg 2.1.7 +#keyserver-options no-try-dns-srv + +# When using --refresh-keys, if the key in question has a preferred keyserver +# URL, then disable use of that preferred keyserver to refresh the key from +keyserver-options no-honor-keyserver-url + +# When searching for a key with --search-keys, include keys that are marked on +# the keyserver as revoked +keyserver-options include-revoked + +# Automatic retrieve keys from a keyserver when verifying signatures made by +# keys that are not on the local keyring. +# NOTE: This option makes a "web bug" like behavior possible. +# Keyserver operators can see which keys you rquest, so by sending +# you a message signed by a brand new key (which you naturally will +# not have on your local keyring), the operator can tell both your +# IP address and the time when you verified the signature. +keyserver-options auto-key-retrieve + +#----------------------------- +# algorithm and ciphers +#----------------------------- + +# list of personal digest preferences. When multiple digests are supported by +# all recipients, choose the strongest one +#personal-cipher-preferences AES256 TWOFISH AES192 AES +personal-cipher-preferences AES256 AES192 AES CAST5 + +# list of personal digest preferences. When multiple ciphers are supported by +# all recipients, choose the strongest one +personal-digest-preferences SHA512 SHA384 SHA256 SHA224 + +# list of personal compress preferences +personal-compress-preferences ZLIB BZIP2 ZIP + +# message digest algorithm used when signing a key +cert-digest-algo SHA512 + +# This preference list is used for new keys and becomes the default for +# "setpref" in the edit menu +#default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 TWOFISH AES192 AES ZLIB BZIP2 ZIP Uncompressed +default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed + +# vim: set ts=8 sw=4 tw=0 fenc=utf-8 ft=gpg: # diff --git a/_gnupg/sks-keyservers.netCA.pem b/_gnupg/sks-keyservers.netCA.pem new file mode 100644 index 0000000..24a2ad2 --- /dev/null +++ b/_gnupg/sks-keyservers.netCA.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV +BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u +ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw +MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP +c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr +cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I +6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj +MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F +45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS +FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx +Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4 +aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx +MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y +u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9 +p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP +fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G +A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY +TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR +OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u +gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/ +X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5 +gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB +UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04 +lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT +BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB +cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U +f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G +ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph +WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg== +-----END CERTIFICATE----- |