blob: 73e8708cbf0a7cd6d7977f8e78ab62b5904a013f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
#################################################
# GLEP 63 specifications for OpenPGP key creation
#################################################
# Keyserver
keyserver pool.sks-keyservers.net
emit-version
default-recipient-self
# -- All of the below portion from the RiseUp.net OpenPGP best practices, and
# -- many of them are also in the Debian GPG documentation.
# when outputting certificates, view user IDs distinctly from keys:
fixed-list-mode
# Long keyids are more collision-resistant than short keyids (it's trivial to make a key
# with any desired short keyid)
# NOTE: this breaks KMail GnuPG support!
keyid-format 0xlong
# When multiple digests are supported by all recipients, choose the strongest one:
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
# Preferences chosen for new keys should prioritize stronger algorithms:
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
# If you use a graphical environment (and even if you don't) you should be using an agent:
# (similar arguments as https://www.debian-administration.org/users/dkg/weblog/64)
use-agent
# You should always know at a glance which User IDs gpg thinks are legitimately bound to
# the keys in your keyring:
verify-options show-uid-validity
list-options show-uid-validity
# Include an unambiguous indicator of which key made a signature:
# (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
# (and http://www.ietf.org/mail-archive/web/openpgp/current/msg00405.html)
sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g
# When making an OpenPGP certification, use a stronger digest than the default SHA1:
cert-digest-algo SHA256
|