2022-02-03
This commit is contained in:
parent
f86b8496ec
commit
db393215ce
GPG key ID:
4B9DB28F826553BD
55 changed files with 1907 additions and 0 deletions
32
home/dot-gnupg/gpg-agent.conf
Normal file
32
home/dot-gnupg/gpg-agent.conf
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
# Configuration file for gpg-agent (~/.gnupg/gpg-agent.conf)
|
||||
#
|
||||
# Note:
|
||||
# After changing the configuration, reload the agent:
|
||||
# $ gpg-connect-agent reloadagent /bye
|
||||
|
||||
# Time a cache entry is valid (in seconds) default: 600
|
||||
# Each time a cache entry is accessed, the entry's timer is reset
|
||||
# The cache entry is invalidate after a max time, default: 7200
|
||||
default-cache-ttl 3600
|
||||
max-cache-ttl 21600
|
||||
default-cache-ttl-ssh 3600
|
||||
max-cache-ttl-ssh 21600
|
||||
|
||||
# Select PIN entry program (qt, curses, gtk-2,...)
|
||||
# On Gentoo Linux: see also 'eselect pinentry list'
|
||||
# pinentry-program /usr/bin/pinentry-tty
|
||||
# pinentry-program /usr/bin/pinentry-curses
|
||||
# pinentry-program /usr/bin/pinentry-gtk-2
|
||||
# pinentry-program /usr/bin/pinentry-gnome3
|
||||
# pinentry-program /usr/bin/pinentry-emacs
|
||||
# pinentry-program /usr/bin/pinentry-qt
|
||||
pinentry-program /usr/bin/pinentry
|
||||
|
||||
# Use GnuPG agent for SSH keys (instead of ssh-agent)
|
||||
# Note: Make sure that gpg-agent is always started with login.
|
||||
#
|
||||
# This can be done by enabling one of the following sockets
|
||||
# systemctl --user enable --now gpg-agent.service
|
||||
# systemctl --user enable --now gpg-agent-ssh.service
|
||||
#
|
||||
enable-ssh-support
|
||||
134
home/dot-gnupg/gpg.conf
Normal file
134
home/dot-gnupg/gpg.conf
Normal file
|
|
@ -0,0 +1,134 @@
|
|||
# Configuration file for gpg (~/.gnupg/gpg.conf)
|
||||
#
|
||||
# This options file can contain any long options which are available in
|
||||
# GnuPG. See gpg(1) for a full list of options.
|
||||
#
|
||||
# Also useful: https://riseup.net/en/gpg-best-practices
|
||||
|
||||
#
|
||||
# Default key and recipient
|
||||
#
|
||||
|
||||
# If you have more than one secret key in your keyring, you may want to
|
||||
# uncomment the following option and set your preferred keyid.
|
||||
# default-key C4380B57
|
||||
|
||||
# If you do not pass a recipient to gpg, it will ask for one. Using this option
|
||||
# you can encrypt to a default key. Key validation will not be done in this
|
||||
# case. The second form uses the default key as default recipient.
|
||||
# default-recipient <user-id>
|
||||
default-recipient-self
|
||||
|
||||
#
|
||||
# Behavior
|
||||
#
|
||||
|
||||
# Get rid of the copyright notice
|
||||
no-greeting
|
||||
|
||||
# Disable inclusion of the version string in ASCII armored output
|
||||
no-emit-version
|
||||
|
||||
# Disable comment string in clear text signatures and ASCII armored messages.
|
||||
no-comments
|
||||
|
||||
# Select how to display key IDs: none|short|long|0xshort|0xlong
|
||||
keyid-format 0xlong
|
||||
|
||||
# List keys with their fingerprints
|
||||
with-fingerprint
|
||||
|
||||
# List keys with their keygrip
|
||||
with-keygrip
|
||||
|
||||
# Display the calculated validity of the user IDs during key listings
|
||||
list-options show-uid-validity
|
||||
verify-options show-uid-validity
|
||||
|
||||
# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to
|
||||
# the agent before it asks for a passphrase.
|
||||
use-agent
|
||||
|
||||
# Because some mailers change lines starting with "From " to ">From " it is good
|
||||
# to handle such lines in a special way when creating cleartext signatures; all
|
||||
# other PGP versions do it this way too. To enable full OpenPGP compliance you
|
||||
# may want to use this option.
|
||||
# no-escape-from-lines
|
||||
|
||||
#
|
||||
# Algorithms and ciphers
|
||||
#
|
||||
|
||||
# When verifying a signature made from a subkey, ensure that the cross
|
||||
# certification "back signature" on the subkey is present and valid. This
|
||||
# protects against a subtle attack against subkeys that can sign.
|
||||
require-cross-certification
|
||||
|
||||
# List of personal digest preferences. When multiple digest are supported by
|
||||
# all recipients, choose the strongest one
|
||||
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
|
||||
|
||||
# Message digest algorithm used when signing a key
|
||||
cert-digest-algo SHA512
|
||||
|
||||
# List of personal cipher preferences. When multiple ciphers are supported by
|
||||
# all recipients, choose the strongest one
|
||||
personal-cipher-preferences AES256 AES192 AES TWOFISH CAMELLIA256 3DES
|
||||
|
||||
# Preference list used for new keys. It becomes the default for "setpref" in the
|
||||
# edit menu
|
||||
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
|
||||
|
||||
#
|
||||
# Key servers
|
||||
#
|
||||
|
||||
# The following two options are moved to dirmngr.conf since GnuPG 2.1, check
|
||||
# 'man dirmngr' for more details
|
||||
# keyserver hkps://hkps.pool.sks-keyservers.net
|
||||
# keyserver-options ca-cert-file=~/.gnupg/hkps.pool.sks-keyservers.net.pem
|
||||
keyserver hkps://keys.openpgp.org
|
||||
|
||||
# Set the proxy to use for HTTP and HKP keyservers - default to the standard
|
||||
# local Tor socks proxy
|
||||
# It is encouraged to use Tor for improved anonymity. Preferrably use either a
|
||||
# dedicated SOCKSPort for GnuPG and/or enable IsolateDestPort and
|
||||
# IsolateDestAddr
|
||||
# keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
|
||||
|
||||
# Don't leak DNS, see https://trac.torproject.org/projects/tor/ticket/2846
|
||||
# keyserver-options no-try-dns-srv
|
||||
|
||||
# When using --refresh-keys, if the key in question has a preferred keyserver
|
||||
# URL, then disable use of that preferred keyserver to refresh the key from
|
||||
keyserver-options no-honor-keyserver-url
|
||||
|
||||
# When searching for a key with --search-keys, include keys that are marked on
|
||||
# the keyserver as revoked
|
||||
keyserver-options include-revoked
|
||||
|
||||
# Automatically fetch keys from key server when not on the local keyring
|
||||
keyserver-options auto-key-retrieve
|
||||
|
||||
#
|
||||
# Miscellaneous options
|
||||
#
|
||||
|
||||
# Group names may be defined like this:
|
||||
# group mynames = paige 0x12345678 joe patti
|
||||
#
|
||||
# Any time "mynames" is a recipient (-r or --recipient), it will be expanded to
|
||||
# the names "paige", "joe", and "patti", and the key ID "0x12345678". Note
|
||||
# there is only one level of expansion - you cannot make an group that points to
|
||||
# another group. Note also that if there are spaces in the recipient name, this
|
||||
# will appear as two recipients. In these cases it is better to use the key ID.
|
||||
# group mynames = paige 0x12345678 joe patti
|
||||
|
||||
# GnuPG can automatically locate and retrieve keys as needed using this option.
|
||||
# This happens when encrypting to an email address (in the "user@@example.com"
|
||||
# form) and there are no keys matching "user@example.com" in the local keyring.
|
||||
# This option takes any number mechanisms which are tried in the given order.
|
||||
# The default is "--auto-key-locate local" to search for keys only in the local
|
||||
# key database. Uncomment the next line to locate a missing key using two DNS
|
||||
# based mechanisms.
|
||||
# auto-key-locate local,pka,dane
|
||||
Loading…
Add table
Add a link
Reference in a new issue