mirror of
https://github.com/donovanglover/nix-config.git
synced 2025-02-16 17:50:52 +01:00
Add base gpg.conf
parent
3218e467f7
commit
f697d7e7b5
68
dotfiles/.gnupg/gpg.conf
Normal file
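--- a/dotfiles/.gnupg/gpg.conf
+++ b/dotfiles/.gnupg/gpg.conf
@@ -0,0 +1,68 @@
+##################################################################################
+#
+# New Start: A modern Arch workflow built with an emphasis on functionality.
+# Copyright (C) 2017 Donovan Glover
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+##################################################################################
+
+# 1. Use a keypool (specifically sks) instead of a regular keyserver
+# 2. Use hkps to ensure a secure connection (hkp is to GPG as what http is to the web)
+keyserver hkps://hkps.pool.sks-keyservers.net
+
+# Use our own certificate to ensure a secure communication
+# Verify the certificate with `openssl x509 -in <CERT_FILE> -noout -fingerprint`
+# This should output 79:1B:27:A3:8E:66:7F:80:27:81:4D:4E:68:E7:C4:78:A4:5D:5A:17
+keyserver-options ca-cert-file=sks-cert.pem
+
+# Ignore all other keyservers since they may be malicious, whether intentional or not.
+# This prevents pulling keys from a specific keyserver and forces GPG to use the keypool
+keyserver-options no-honor-keyserver-url
+
+# Use SHA512 instead of SHA256
+personal-digest-preferences SHA512
+cert-digest-algo SHA512
+
+# Use AES256 instead of AES128 or CAST5
+cipher-algo AES256
+
+# Prefer encryption algorithms in this order
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+personal-cipher-preferences TWOFISH CAMELLIA256 AES 3DES
+
+# Prevent the recipient id from being leaked in the message
+throw-keyids
+
+# Always show long key IDs
+keyid-format 0xlong
+
+# Always show full fingerprints of keys
+with-fingerprint
+
+# Never show the version number (should be default)
+no-emit-version
+
+# Never use comments (should be default)
+no-comments
+
+# Always use utf-8
+display-charset utf-8
+
+# Always view user IDs distinctly from keys (should be default)
+fixed-list-mode
+
+# Always show user ID validity (should be default)
+verify-options show-uid-validity
+list-options show-uid-validity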
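Review bot: `cipher-algo AES256` forces the symmetric cipher for every message regardless of what the recipient's key advertises, which the gpg manual warns can violate OpenPGP, and it contradicts the `personal-cipher-preferences TWOFISH CAMELLIA256 AES 3DES` line, which omits AES256 and still lists 3DES. Dropping `cipher-algo` and writing `personal-cipher-preferences AES256 AES192 AES` would express the stated intent without overriding recipient preferences. Separately, `ca-cert-file=sks-cert.pem` is a relative path, so whether the pinned CA is actually found likely depends on the working directory (and on GnuPG 2.1+ the pool CA is configured through dirmngr's `hkp-cacert` instead); an absolute path would make the TLS check dependable. The fingerprint in the comment is 20 bytes, i.e. SHA-1, so the comment should also document the value produced with `-sha256`.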