From 71706a3fff1263af76aea550ede6992e7a85200c Mon Sep 17 00:00:00 2001 From: David Kerkeslager Date: Tue, 31 May 2016 01:16:30 +0000 Subject: [PATCH] Added gpg conf" --- .gnupg/gpg.conf | 62 +++++++++++++++++++++++++++++++++++++++++++++++++ install.sh | 2 +- 2 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 .gnupg/gpg.conf diff --git a/.gnupg/gpg.conf b/.gnupg/gpg.conf new file mode 100644 index 0000000..4cc44eb --- /dev/null +++ b/.gnupg/gpg.conf @@ -0,0 +1,62 @@ +no-greeting +# Don't leak information by automatically trying to get keys. +no-auto-key-locate + +# Set the charset to UTF-8; you should make sure that your terminal correctly implements UTF-8 support. +# TODO(dlg): vttest? +charset utf-8 +display-charset utf-8 + +# Display long keyids and fingerprints by default +keyid-format 0xlong +with-fingerprint +verbose +# Never show photos, but show all notations and signature subpackets +list-options show-policy-urls no-show-photos show-notations show-keyserver-urls show-uid-validity show-sig-subpackets +verify-options show-policy-urls no-show-photos show-notations show-keyserver-urls show-uid-validity no-pka-lookups no-pka-trust-increase + +# Disable truncating DSA2 message hashes (yes, that's what this does) +disable-dsa2 + +# Use the https-secured HKPS pool. The sks-keyservers.net CA is available at https://sks-keyservers.net/sks-keyservers.netCA.pem +keyserver hkps://hkps.pool.sks-keyservers.net +keyserver-options check-cert ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem keep-temp-files verbose verbose debug no-honor-keyserver-url no-auto-key-retrieve no-honor-pka-record + +# Some options to avoid stupid behaviors. +require-cross-certification +force-v4-certs +import-options no-repair-pks-subkey-bug import-clean +export-options export-clean +force-mdc + +# Use a real encryption algorithm to protect the secret keyring, rather than CAST5. +s2k-cipher-algo AES256 +s2k-digest-algo SHA512 +s2k-mode 3 + +# This is the maximum iteration count. It's way too small. You should entomb or just +# scrypt your private keyring when not in use. +s2k-count 65011712 + +# Human-readable version of cipher preferences: +# Cipher: AES256, AES192, AES, TWOFISH, BLOWFISH, CAMELLIA256, CAMELLIA192, CAMELLIA128 +# rationale: AES is best-studied. Twofish and Blowfish second-best. CAMELLIA is believed +# to be as strong as AES but much less studied. (You may prefer moving AES128 lower.) +# Digest: SHA512, SHA384, SHA224, SHA256, RIPEMD160 +# rationale: SHA2 is still considered strong. RIPEMD160 is believed better than SHA-1. +# Compression: ZLIB, BZIP2, ZIP, Uncompressed +# rationale: Personal preference. + +# Set cipher preferences for encryption/signing to other users. +# NB: This does not prevent an 3DES, IDEA, or MD5 from being used, if the recipient +# prefers it. +personal-cipher-preferences S9 S8 S7 S10 S4 S13 S12 S11 +personal-digest-preferences H10 H9 H11 H8 H3 H2 +personal-compress-preferences Z2 Z3 Z1 Z0 + +disable-cipher-algo CAST5 IDEA +# Regrettably, not supported by GnuPG +# disable-digest-algo MD5 + +# Set the default preference list for new public keys. +default-preference-list S9 S8 S7 S10 S4 S13 S12 S11 H10 H9 H11 H8 H3 H2 Z2 Z3 Z1 Z0 diff --git a/install.sh b/install.sh index d598236..c087e55 100755 --- a/install.sh +++ b/install.sh @@ -1 +1 @@ -cp .bash_profile .bashrc .emacs .gemrc .gitconfig .profile .screenrc .vimrc .. +cp -r .bash_profile .bashrc .emacs .gemrc .gitconfig .gnupg/ .profile .screenrc .vimrc ../ -- 2.20.1