From 40587e16915f57f9a733d9fca97aeb9de5c04fcc Mon Sep 17 00:00:00 2001 From: Valentin Brandl Date: Sat, 11 Feb 2017 13:30:23 +0100 Subject: [PATCH] Add gnupg configuration --- tools/crypto/gpg/dirmngr.conf | 7 +++ tools/crypto/gpg/gpg-agent.conf | 9 ++++ tools/crypto/gpg/gpg.conf | 90 +++++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+) create mode 100644 tools/crypto/gpg/dirmngr.conf create mode 100644 tools/crypto/gpg/gpg-agent.conf create mode 100644 tools/crypto/gpg/gpg.conf diff --git a/tools/crypto/gpg/dirmngr.conf b/tools/crypto/gpg/dirmngr.conf new file mode 100644 index 0000000..7748560 --- /dev/null +++ b/tools/crypto/gpg/dirmngr.conf @@ -0,0 +1,7 @@ +# Disable LDAP +disable-ldap +ignore-ldap-dp + +# Provide a certificate store to override the system default +# Get this from https://sks-keyservers.net/sks-keyservers.netCA.pem +#hkp-cacert /usr/local/etc/ssl/certs/hkps.pool.sks-keyservers.net.pem diff --git a/tools/crypto/gpg/gpg-agent.conf b/tools/crypto/gpg/gpg-agent.conf new file mode 100644 index 0000000..74237f7 --- /dev/null +++ b/tools/crypto/gpg/gpg-agent.conf @@ -0,0 +1,9 @@ +# Keyboard control +no-grab + +# PIN entry program +pinentry-program /usr/bin/pinentry-gtk-2 + +default-cache-ttl 1800 +max-cache-ttl 18000 +# vim: set filetype=gpg ts=4 sw=4 tw=0 noet : diff --git a/tools/crypto/gpg/gpg.conf b/tools/crypto/gpg/gpg.conf new file mode 100644 index 0000000..2cf9040 --- /dev/null +++ b/tools/crypto/gpg/gpg.conf @@ -0,0 +1,90 @@ +### source: https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/ + +# When outputting certificates, view user IDs distinctly from keys: +fixed-list-mode + + + +### source: https://raw.githubusercontent.com/ioerror/duraconf/master/configs/gnupg/gpg.conf + +# +# This is an implementation of the Riseup OpenPGP Best Practices +# https://help.riseup.net/en/security/message-security/openpgp/best-practices +# + +#----------------------------- +# default key +#----------------------------- + +# The default key to sign with. If this option is not used, the default key is +# the first key found in the secret keyring + +#default-key 0xfingerprint + + +#----------------------------- +# behavior +#----------------------------- + +# Disable inclusion of the version string in ASCII armored output +no-emit-version + +# Disable comment string in clear text signatures and ASCII armored messages +no-comments + +# Display long key IDs +keyid-format 0xlong + +# List all keys (or the specified ones) along with their fingerprints +with-fingerprint + +# Display the calculated validity of user IDs during key listings +list-options show-uid-validity +verify-options show-uid-validity + +# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to +# the agent before it asks for a passphrase. +use-agent + +# Display key flags in listings +list-options show-usage + + +#----------------------------- +# keyserver +#----------------------------- + +# This is the server that --recv-keys, --send-keys, and --search-keys will +# communicate with to receive keys from, send keys to, and search for keys on +keyserver keyserver.vsund.de +keyserver keyserver.adamas.ai +keyserver keyserver.nerds.lu +keyserver keyserver.metalgamer.eu + +# When using --refresh-keys, if the key in question has a preferred keyserver +# URL, then disable use of that preferred keyserver to refresh the key from +keyserver-options no-honor-keyserver-url + +# When searching for a key with --search-keys, include keys that are marked on +# the keyserver as revoked +keyserver-options include-revoked + + +#----------------------------- +# algorithm and ciphers +#----------------------------- + +# list of personal digest preferences. When multiple digests are supported by +# all recipients, choose the strongest one +personal-cipher-preferences AES256 AES192 AES CAST5 + +# list of personal digest preferences. When multiple ciphers are supported by +# all recipients, choose the strongest one +personal-digest-preferences SHA512 SHA384 SHA256 SHA224 + +# message digest algorithm used when signing a key +cert-digest-algo SHA512 + +# This preference list is used for new keys and becomes the default for +# "setpref" in the edit menu +default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed