From 0b08340aecac94e17356431894c9635d9bc958d2 Mon Sep 17 00:00:00 2001 From: Weitian LI Date: Mon, 19 Jan 2015 10:21:08 +0800 Subject: Updated various configs. --- .gnupg/gpg.conf | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 .gnupg/gpg.conf (limited to '.gnupg/gpg.conf') diff --git a/.gnupg/gpg.conf b/.gnupg/gpg.conf new file mode 100644 index 0000000..6db3bf6 --- /dev/null +++ b/.gnupg/gpg.conf @@ -0,0 +1,120 @@ +##################################################################### +# GnuPG configuration file +# ~/.gnupg/gpg.conf +# +# Based on Github: ioerror/duraconf's configuration: +# https://github.com/ioerror/duraconf/blob/master/configs/gnupg/gpg.conf +# +# Reference: +# [1] Riseup: OpenPGP Best Practices +# https://help.riseup.net/en/gpg-best-practices +# [2] Secure GnuPG configuration +# http://sparkslinux.wordpress.com/2013/07/09/secure-gnupg-configuration +# +# Weitian LI +# Created: 2014/06/12 +# Updated: 2015/01/19 +##################################################################### + +#----------------------------- +# default key +#----------------------------- + +# The default key to sign with. If this option is not used, the default key is +# the first key found in the secret keyring +default-key 0xF00D615C9984147B450F56EAF81BF4535F26EBF6 + +#----------------------------- +# behavior +#----------------------------- + +# Uncomment the following option to get rid of the copyright notice +no-greeting + +# create ASCII armored output (default is binary OpenPGP format) +#armor + +# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell +# GnuPG which is the native character set. Please check the man page +# for supported character sets. This character set is only used for +# metadata and not for the actual message which does not undergo any +# translation. Note that future version of GnuPG will change to UTF-8 +# as default character set. +charset utf-8 + +# Disable inclusion of the version string in ASCII armored output +no-emit-version + +# Disable comment string in clear text signatures and ASCII armored messages +no-comments + +# Display long key IDs +keyid-format 0xlong + +# List all keys (or the specified ones) along with their fingerprints +with-fingerprint + +# Display the calculated validity of user IDs during key listings +list-options show-uid-validity +verify-options show-uid-validity + +# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to +# the agent before it asks for a passphrase. +use-agent + +#----------------------------- +# keyserver +#----------------------------- + +# This is the server that --recv-keys, --send-keys, and --search-keys will +# communicate with to receive keys from, send keys to, and search for keys on +keyserver hkp://pool.sks-keyservers.net +#keyserver hkps://hkps.pool.sks-keyservers.net + +# Provide a certificate store to override the system default +# Get this from https://sks-keyservers.net/sks-keyservers.netCA.pem +# option 'ca-cert-file' is obsolete. (GnuPG >= 2.1) +#keyserver-options ca-cert-file=~/dotfiles/.gnupg/sks-keyservers.netCA.pem + +# Set the proxy to use for HTTP and HKP keyservers - default to the standard +# local Tor socks proxy +# It is encouraged to use Tor for improved anonymity. Preferrably use either a +# dedicated SOCKSPort for GnuPG and/or enable IsolateDestPort and +# IsolateDestAddr +#keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050 +# Don't leak DNS, see https://trac.torproject.org/projects/tor/ticket/2846 +keyserver-options no-try-dns-srv + +# When using --refresh-keys, if the key in question has a preferred keyserver +# URL, then disable use of that preferred keyserver to refresh the key from +keyserver-options no-honor-keyserver-url + +# When searching for a key with --search-keys, include keys that are marked on +# the keyserver as revoked +keyserver-options include-revoked + +#----------------------------- +# algorithm and ciphers +#----------------------------- + +# list of personal digest preferences. When multiple digests are supported by +# all recipients, choose the strongest one +#personal-cipher-preferences AES256 TWOFISH AES192 AES +personal-cipher-preferences AES256 AES192 AES CAST5 + +# list of personal digest preferences. When multiple ciphers are supported by +# all recipients, choose the strongest one +personal-digest-preferences SHA512 SHA384 SHA256 SHA224 + +# list of personal compress preferences +personal-compress-preferences ZLIB BZIP2 ZIP + +# message digest algorithm used when signing a key +cert-digest-algo SHA512 + +# This preference list is used for new keys and becomes the default for +# "setpref" in the edit menu +#default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 TWOFISH AES192 AES ZLIB BZIP2 ZIP Uncompressed +default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed + +# vim: set ts=8 sw=4 tw=0 fenc=utf-8 ft=gpg: # -- cgit v1.2.2