extern/nix-config
1
0
Fork 1
mirror of https://github.com/donovanglover/nix-config.git synced 2024-11-23 00:34:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
3cb488fed0
nix-config/gnupg/.gnupg/gpg.conf
Donovan Glover ff34eb6a71
Remove ca-cert-file from gpg.conf 
Newer versions of GPG automatically include this certificate by default.
2018-03-11 23:48:52 -04:00

47 lines
1.4 KiB
Plaintext
Raw Blame History

# New Start: A modern Arch workflow built with an emphasis on functionality.
# Copyright (C) 2017-2018 Donovan Glover
# 1. Use a keypool (specifically sks) instead of a regular keyserver
# 2. Use hkps to ensure a secure connection (hkp is to GPG as what http is to the web)
keyserver hkps://hkps.pool.sks-keyservers.net
# Ignore all other keyservers since they may be malicious, whether intentional or not.
# This prevents pulling keys from a specific keyserver and forces GPG to use the keypool
keyserver-options no-honor-keyserver-url
# Use SHA512 instead of SHA256
personal-digest-preferences SHA512
cert-digest-algo SHA512
# Use AES256 instead of AES128 or CAST5
cipher-algo AES256
# Prefer encryption algorithms in this order
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
personal-cipher-preferences TWOFISH CAMELLIA256 AES 3DES
# Prevent the recipient id from being leaked in the message
throw-keyids
# Always show long key IDs
keyid-format 0xlong
# Always show full fingerprints of keys
with-fingerprint
# Never show the version number (should be default)
no-emit-version
# Never use comments (should be default)
no-comments
# Always use utf-8
display-charset utf-8
# Always view user IDs distinctly from keys (should be default)
fixed-list-mode
# Always show user ID validity (should be default)
verify-options show-uid-validity
list-options show-uid-validity
Reference in New Issue View Git Blame Copy Permalink