forked from extern/nix-config
f125fbde38
This is necessary since sks-keyservers is deprecated.
47 lines
1.4 KiB
Plaintext
47 lines
1.4 KiB
Plaintext
# New Start: A modern Arch workflow built with an emphasis on functionality.
|
|
# Copyright (C) 2017-2018 Donovan Glover
|
|
|
|
# 1. Use a keypool (specifically sks) instead of a regular keyserver
|
|
# 2. Use hkps to ensure a secure connection (hkp is to GPG as what http is to the web)
|
|
keyserver hkps://pgp.mit.edu
|
|
|
|
# Ignore all other keyservers since they may be malicious, whether intentional or not.
|
|
# This prevents pulling keys from a specific keyserver and forces GPG to use the keypool
|
|
keyserver-options no-honor-keyserver-url
|
|
|
|
# Use SHA512 instead of SHA256
|
|
personal-digest-preferences SHA512
|
|
cert-digest-algo SHA512
|
|
|
|
# Use AES256 instead of AES128 or CAST5
|
|
cipher-algo AES256
|
|
|
|
# Prefer encryption algorithms in this order
|
|
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
|
|
personal-cipher-preferences TWOFISH CAMELLIA256 AES 3DES
|
|
|
|
# Prevent the recipient id from being leaked in the message
|
|
throw-keyids
|
|
|
|
# Always show long key IDs
|
|
keyid-format 0xlong
|
|
|
|
# Always show full fingerprints of keys
|
|
with-fingerprint
|
|
|
|
# Never show the version number (should be default)
|
|
no-emit-version
|
|
|
|
# Never use comments (should be default)
|
|
no-comments
|
|
|
|
# Always use utf-8
|
|
display-charset utf-8
|
|
|
|
# Always view user IDs distinctly from keys (should be default)
|
|
fixed-list-mode
|
|
|
|
# Always show user ID validity (should be default)
|
|
verify-options show-uid-validity
|
|
list-options show-uid-validity
|