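##################################################################################
#
# New Start: A modern Arch workflow built with an emphasis on functionality.
# Copyright (C) 2017 Donovan Glover
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
##################################################################################

# gpg.conf: one `option [value]` per line, read by the gpg binary.
# On GnuPG 2.1 and later, keyserver access goes through dirmngr, so the
# keyserver-related entries below may need mirroring into dirmngr.conf.

# 1. Use a keypool (specifically sks) instead of a regular keyserver
# 2. Use hkps to ensure a secure connection (hkp is to GPG as what http is to the web)
# NOTE(review): the sks-keyservers.net pool was decommissioned in 2021, so
# lookups against this address fail. Point this at a maintained keyserver and
# replace the CA pinned below, which only validated the pool's own hosts.
keyserver hkps://hkps.pool.sks-keyservers.net

# Use our own certificate to ensure a secure communication
# Verify the certificate with `openssl x509 -in sks-cert.pem -noout -fingerprint`
# This should output 79:1B:27:A3:8E:66:7F:80:27:81:4D:4E:68:E7:C4:78:A4:5D:5A:17
# NOTE(review): this path is relative, so which file is read depends on gpg's
# working directory rather than the GnuPG home directory; prefer an absolute
# path. The GnuPG 2.1+ manual lists ca-cert-file as deprecated in favour of
# hkp-cacert in dirmngr.conf — confirm which one your version honours.
keyserver-options ca-cert-file=sks-cert.pem

# Ignore all other keyservers since they may be malicious, whether intentional or not.
# This prevents pulling keys from a specific keyserver and forces GPG to use the keypool
keyserver-options no-honor-keyserver-url

# Use SHA512 instead of SHA256, both for signatures on data and for key certifications
personal-digest-preferences SHA512
cert-digest-algo SHA512

# Prefer AES256 (over AES128 or CAST5) when encrypting, as an ordered preference
# list rather than a hard `cipher-algo` setting: `cipher-algo` overrides the
# recipient key's advertised preferences and can produce messages the recipient
# cannot decrypt, whereas personal-cipher-preferences picks the first cipher both
# sides support. 3DES is the mandatory fallback and is implied at the end.
personal-cipher-preferences AES256 AES192 AES CAMELLIA256 TWOFISH

# Preferences advertised on newly generated keys: hashes, then ciphers, then
# compression, each group in order of preference (this list covers all three,
# not only encryption algorithms).
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

# Prevent the recipient id from being leaked in the message
# (the recipient then has to try each secret key in turn, which is slower)
throw-keyids

# Always show long key IDs
keyid-format 0xlong

# Always show full fingerprints of keys
with-fingerprint

# Never show the version number (should be default)
no-emit-version

# Never use comments (should be default)
no-comments

# Always use utf-8
display-charset utf-8

# Always view user IDs distinctly from keys (should be default)
fixed-list-mode

# Always show user ID validity (should be default)
verify-options show-uid-validity
list-options show-uid-validity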