# New Start: A modern Arch workflow built with an emphasis on functionality. # Copyright (C) 2017-2018 Donovan Glover # 1. Use a keypool (specifically sks) instead of a regular keyserver # 2. Use hkps to ensure a secure connection (hkp is to GPG as what http is to the web) keyserver hkps://pgp.mit.edu # Ignore all other keyservers since they may be malicious, whether intentional or not. # This prevents pulling keys from a specific keyserver and forces GPG to use the keypool keyserver-options no-honor-keyserver-url # Use SHA512 instead of SHA256 personal-digest-preferences SHA512 cert-digest-algo SHA512 # Use AES256 instead of AES128 or CAST5 cipher-algo AES256 # Prefer encryption algorithms in this order default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed personal-cipher-preferences TWOFISH CAMELLIA256 AES 3DES # Prevent the recipient id from being leaked in the message throw-keyids # Always show long key IDs keyid-format 0xlong # Always show full fingerprints of keys with-fingerprint # Never show the version number (should be default) no-emit-version # Never use comments (should be default) no-comments # Always use utf-8 display-charset utf-8 # Always view user IDs distinctly from keys (should be default) fixed-list-mode # Always show user ID validity (should be default) verify-options show-uid-validity list-options show-uid-validity