From 028ab301fe80c9ed872fe8ba4be2819648e30d97 Mon Sep 17 00:00:00 2001
From: Aaron LI
Date: Wed, 6 Jan 2016 19:15:10 +0800
Subject: Add fish & redshift configs; Update gpg configs; Add mutt scripts

---
 .gnupg/gpg.conf | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
(limited to '.gnupg/gpg.conf')

diff --git a/.gnupg/gpg.conf b/.gnupg/gpg.conf
index 6db3bf6..258c10e 100644
--- a/.gnupg/gpg.conf
+++ b/.gnupg/gpg.conf
@@ -13,7 +13,7 @@
 #
 # Weitian LI
 # Created: 2014/06/12
-# Updated: 2015/01/19
+# Updated: 2015/08/19
 #####################################################################
 
 #-----------------------------
@@ -22,7 +22,7 @@
 
 # The default key to sign with. If this option is not used, the default key is
 # the first key found in the secret keyring
-default-key 0xF00D615C9984147B450F56EAF81BF4535F26EBF6
+default-key 0xAC3464FADAAE632186099CA6240E2A635D72729A
 
 #-----------------------------
 # behavior
@@ -68,8 +68,8 @@ use-agent
 
 # This is the server that --recv-keys, --send-keys, and --search-keys will
 # communicate with to receive keys from, send keys to, and search for keys on
-keyserver hkp://pool.sks-keyservers.net
-#keyserver hkps://hkps.pool.sks-keyservers.net
+#keyserver hkp://pool.sks-keyservers.net
+keyserver hkps://hkps.pool.sks-keyservers.net
 
 # Provide a certificate store to override the system default
 # Get this from https://sks-keyservers.net/sks-keyservers.netCA.pem
@@ -83,7 +83,8 @@ keyserver hkp://pool.sks-keyservers.net
 # IsolateDestAddr
 #keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
 # Don't leak DNS, see https://trac.torproject.org/projects/tor/ticket/2846
-keyserver-options no-try-dns-srv
+# XXX: unknown to gnupg 2.1.7
+#keyserver-options no-try-dns-srv
 
 # When using --refresh-keys, if the key in question has a preferred keyserver
 # URL, then disable use of that preferred keyserver to refresh the key from
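Review bot: In the `@@ -68,8 +68,8 @@` hunk, enabling `keyserver hkps://hkps.pool.sks-keyservers.net` only authenticates the server if the pool's CA certificate is actually trusted; the trailing context mentions the certificate store, but the option that sets it lies outside the hunk. On GnuPG 2.1.x (the version named in the following hunk) keyserver access is handled by dirmngr, which reads the CA from `hkp-cacert` in dirmngr.conf rather than from `keyserver-options ca-cert-file` in gpg.conf, so it is worth confirming where the certificate is configured. I would add a comment next to the keyserver line such as `# hkps needs the pool CA: set hkp-cacert in dirmngr.conf on gnupg >= 2.1`.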
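Review bot: In the `@@ -83,7 +83,8 @@` hunk, commenting out `no-try-dns-srv` leaves the "Don't leak DNS" comment sitting above a disabled option, so the file reads as if SRV lookups are suppressed when they no longer are. The `XXX` line records only that gnupg 2.1.7 rejects the option; it should also state the consequence, e.g. `# XXX: unknown to gnupg 2.1.7; DNS SRV lookups for the keyserver are no longer suppressed here`. This matters if the commented-out Tor proxy line above is ever re-enabled, since that setup presumably relied on this option to keep lookups from bypassing the proxy.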
@@ -93,6 +94,15 @@ keyserver-options no-honor-keyserver-url
 # the keyserver as revoked
 keyserver-options include-revoked
 
+# Automatic retrieve keys from a keyserver when verifying signatures made by
+# keys that are not on the local keyring.
+# NOTE: This option makes a "web bug" like behavior possible.
+# Keyserver operators can see which keys you rquest, so by sending
+# you a message signed by a brand new key (which you naturally will
+# not have on your local keyring), the operator can tell both your
+# IP address and the time when you verified the signature.
+keyserver-options auto-key-retrieve
+
 #-----------------------------
 # algorithm and ciphers
 #-----------------------------
-- cgit v1.2.2
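Review bot: `keyserver-options auto-key-retrieve` is switched on unconditionally even though the comment added directly above it describes the tracking it enables: every signature from an unknown key makes gpg contact the keyserver at verification time. The hkps keyserver enabled in the `@@ -68,8 +68,8 @@` hunk hides that request from the network path but not from the keyserver operator, so the exposure described in the NOTE remains. A key fetched this way is also unauthenticated, so a "good signature" result from it says nothing about who actually signed. For a shared dotfiles default I would ship it disabled as `#keyserver-options auto-key-retrieve` and fetch keys deliberately with `--recv-keys`; the comment also has two typos (`Automatic retrieve` should be `Automatically retrieve`, `rquest` should be `request`).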