From 686188555dca92ce8a4c7cecd41cf77354a398e5 Mon Sep 17 00:00:00 2001 From: Leafus Date: Wed, 22 Jan 2025 09:46:06 +0100 Subject: [PATCH] gpg --- home/private_dot_gnupg/private_dirmngr.conf | 3 + home/private_dot_gnupg/private_gpg-agent.conf | 4 + home/private_dot_gnupg/private_gpg.conf | 74 +++++++++++++++++++ 3 files changed, 81 insertions(+) create mode 100644 home/private_dot_gnupg/private_dirmngr.conf create mode 100644 home/private_dot_gnupg/private_gpg-agent.conf create mode 100644 home/private_dot_gnupg/private_gpg.conf diff --git a/home/private_dot_gnupg/private_dirmngr.conf b/home/private_dot_gnupg/private_dirmngr.conf new file mode 100644 index 00000000..42f50c13 --- /dev/null +++ b/home/private_dot_gnupg/private_dirmngr.conf @@ -0,0 +1,3 @@ +keyserver hkps://keys.openpgp.org +#use-tor +#keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion diff --git a/home/private_dot_gnupg/private_gpg-agent.conf b/home/private_dot_gnupg/private_gpg-agent.conf new file mode 100644 index 00000000..dd9d62af --- /dev/null +++ b/home/private_dot_gnupg/private_gpg-agent.conf @@ -0,0 +1,4 @@ +default-cache-ttl 300 +max-cache-ttl 999999 +enable-ssh-support +pinentry-program /usr/bin/pinentry-gnome3 diff --git a/home/private_dot_gnupg/private_gpg.conf b/home/private_dot_gnupg/private_gpg.conf new file mode 100644 index 00000000..e92c31ae --- /dev/null +++ b/home/private_dot_gnupg/private_gpg.conf @@ -0,0 +1,74 @@ +# +# This is an implementation of the Riseup OpenPGP Best Practices +# https://help.riseup.net/en/security/message-security/openpgp/best-practices +# +# Copied from https://tails.boum.org/contribute/design/#index45h3 +# https://git-tails.immerda.ch/tails/plain/config/chroot_local-includes/etc/skel/.gnupg/gpg.conf +# https://gitweb.torproject.org/torbirdy.git/tree/gpg.conf + +#----------------------------- +# default key +#----------------------------- + +# The default key to sign with. If this option is not used, the default key is +# the first key found in the secret keyring + +default-key 0xC4042C377FEEFD0C0590657606B907155B66AAE3 +#----------------------------- +# behavior +#----------------------------- + +# Disable inclusion of the version string in ASCII armored output +no-emit-version + +# Disable comment string in clear text signatures and ASCII armored messages +no-comments + +# Display long key IDs +keyid-format 0xlong + +# List all keys (or the specified ones) along with their fingerprints +with-fingerprint + +# Display the calculated validity of user IDs during key listings +list-options show-uid-validity,show-keyring,show-sig-expire +verify-options show-uid-validity + +# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to +# the agent before it asks for a passphrase. +use-agent + +# Suppress the initial copyright message. +no-greeting + +# Bypass all translations and assume that the OS uses native UTF-8 encoding. +display-charset utf-8 + +#----------------------------- +# keyserver +#----------------------------- + +# When searching for a key with --search-keys, include keys that are marked on +# the keyserver as revoked +keyserver-options include-revoked + + +#----------------------------- +# algorithm and ciphers +#----------------------------- + +# list of personal digest preferences. When multiple digests are supported by +# all recipients, choose the strongest one +personal-cipher-preferences AES256 AES192 AES CAST5 + +# list of personal digest preferences. When multiple ciphers are supported by +# all recipients, choose the strongest one +personal-digest-preferences SHA512 SHA384 SHA256 SHA224 + +# message digest algorithm used when signing a key +cert-digest-algo SHA512 + +# This preference list is used for new keys and becomes the default for +# "setpref" in the edit menu +default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed +