summaryrefslogtreecommitdiff
path: root/.local/share
diff options
context:
space:
mode:
Diffstat (limited to '.local/share')
-rwxr-xr-x.local/share/gnupg/gpg.conf31
1 files changed, 31 insertions, 0 deletions
diff --git a/.local/share/gnupg/gpg.conf b/.local/share/gnupg/gpg.conf
new file mode 100755
index 0000000..582d14b
--- /dev/null
+++ b/.local/share/gnupg/gpg.conf
@@ -0,0 +1,31 @@
+# Assume that command line arguments are given as UTF8 strings.
+utf8-strings
+
+# when outputting certificates, view user IDs distinctly from keys:
+fixed-list-mode
+
+# long keyids are more collision-resistant than short keyids (it's trivial to make a key
+# with any desired short keyid)
+# NOTE: this breaks kmail gnupg support!
+keyid-format 0xlong
+
+# when multiple digests are supported by all recipients, choose the strongest one:
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+
+# preferences chosen for new keys should prioritize stronger algorithms:
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
+
+# You should always know at a glance which User IDs GPG thinks are legitimately bound to
+# the keys in the keyring:
+verify-options show-uid-validity
+list-options show-uid-validity
+
+# include an unambiguous indicator of which key made a signature:
+# (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
+# (and http://www.ietf.org/mail-archive/web/openpgp/current/msg00405.html)
+sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g
+
+# when making an OpenPGP certification, use a stronger digest than the default SHA1:
+cert-digest-algo SHA512
+s2k-cipher-algo AES256
+s2k-digest-algo SHA512