commit 84fccbb723a08bbfa612f9255c65cef003918448
parent d1000442d0af53d57661df6c61b72443d6370852
Author: Alex Balgavy <alex@balgavy.eu>
Date: Wed, 23 Feb 2022 16:49:11 +0100
gpg: misc settings
Diffstat:
1 file changed, 18 insertions(+), 0 deletions(-)
diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
@@ -1,6 +1,9 @@
keyid-format 0xLONG
keyserver pgp.mit.edu
charset utf-8
+## We want to force UTF-8 everywhere
+display-charset utf-8
+
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
bzip2-compress-level 9
@@ -9,11 +12,26 @@ personal-compress-preferences BZIP2 ZIP ZLIB
personal-cipher-preferences AES256 TWOFISH AES192 BLOWFISH AES CAST5
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
require-cross-certification
+
+## Don't disclose the version
no-emit-version
+
+## Don't add additional comments (may leak language, etc)
no-comments
with-fingerprint
list-options show-policy-url show-user-notations show-sig-expire
list-options show-uid-validity
default-recipient-self
keyserver-options auto-key-retrieve
+
+## When creating a key, individuals may designate a specific keyserver to use to pull their keys from.
+## The above option will disregard this designation and use the pool, which is useful because (1) it
+## prevents someone from designating an insecure method for pulling their key and (2) if the server
+## designated uses hkps, the refresh will fail because the ca-cert will not match, so the keys will
+## never be refreshed.
keyserver-options no-honor-keyserver-url
+
+## when outputting certificates, view user IDs distinctly from keys:
+fixed-list-mode
+
+use-agent
