From 26a4d2890aac2db5ef7a026493b00eb75b469dcd Mon Sep 17 00:00:00 2001 From: Mika Suomalainen Date: Fri, 21 Dec 2012 19:50:44 +0200 Subject: [PATCH] gpg.conf: I Read The Fine Manual and learned many things... --- .gpg.conf.MKAYSIGREP | 39 ++++++++++++++++++++++++++++++++++----- gpg.conf | 33 +++++++++++++++++++++++++++++++-- 2 files changed, 65 insertions(+), 7 deletions(-) diff --git a/.gpg.conf.MKAYSIGREP b/.gpg.conf.MKAYSIGREP index d745d0a5..a9d5682d 100644 --- a/.gpg.conf.MKAYSIGREP +++ b/.gpg.conf.MKAYSIGREP @@ -23,6 +23,9 @@ # This is one of the most used keyservers as far as I know. keyserver pool.sks-keyservers.net +# Try to automatically find keys from keyserver if key for email address isn't found, but we are encrypting to email address. +auto-key-locate keyserver + # Use my key by default default-key 0x4DB53CFE82A46728 # MKAYSIGREP # MKAYSIGREPGPG @@ -34,6 +37,7 @@ encrypt-to 0x4DB53CFE82A46728 # MKAYSIGREP MKAYSIGREPGPG # Use UTF-8 charset charset UTF-8 +display-charset utf-8 # use GPG Agent to avoid retyping passphrase very ofoten. use-agent @@ -41,22 +45,47 @@ use-agent # Do everything in ASCII format by default instead of binary armor -keyserver-options auto-key-retrieve no-include-revoked verbose #import-clean +keyserver-options auto-key-retrieve no-include-revoked verbose honor-keyserver-url #import-clean # Note to self: import-clean = delete signatures from unknown keys || import-minimal = remove all signatures from keys. -# Use other SHAs than SHA1 if possible. I think that everyone who I use GPG with use enough up-to-date version to support other SHAs than SHA1. +personal-cipher-preferences AES256,AES192,AES,CAST5,3DES personal-digest-preferences SHA512,SHA384,SHA256,SHA224,RIPEMD160,SHA1,MD5 +personal-compress-preferences BZIP2,ZLIB,ZIP + +# Default preferences +default-preference-list AES256,AES192,AES,CAST5,3DES SHA512,SHA384,SHA256,SHA224,RIPEMD160,SHA1,MD5 BZIP2,ZLIB,ZIP +default-keyserver-url hkp://pool.sks-keyservers.net + +# Forcing preferred settings even if it's against OpenPGP standards +#digest-algo SHA512 +#compress-algo BZIP2 + +no-allow-non-selfsigned-uid +no-ask-sig-expire +default-sig-expire 0 + +allow-multiple-messages # Show the LONG KEYID by default and tell that it's hexadecimal string. keyid-format 0xLONG +# Use Eye Of Gnome as default image viewer +photo-viewer eog %i + +# The default to use for the check level when signing a key. +default-cert-level 2 + +lock-multiple + +expert + # Add comments to things signed/encrypted by gpg comment Homepage: http://mkaysi.github.com/ -comment Public key: http://mkaysi.github.com/PGP/0x82A46728.txt +comment Public key: http://mkaysi.github.com/PGP/0x82A46728.txt comment gpg --fetch-keys http://mkaysi.github.com/PGP/0x82A46728.txt comment Fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728 -comment I have personal problem with PGP/MIME... -comment ...so signature *IS* long. See http://git.io/6FLzWg +comment I have personal problem with PGP/MIME... +comment ...so signature *IS* long. See http://git.io/6FLzWg comment Please remove PGP lines in replies. http://git.io/nvHrDg comment Charset of this message should be UTF-8. diff --git a/gpg.conf b/gpg.conf index e6825e46..de63c29c 100644 --- a/gpg.conf +++ b/gpg.conf @@ -23,6 +23,9 @@ # This is one of the most used keyservers as far as I know. keyserver pool.sks-keyservers.net +# Try to automatically find keys from keyserver if key for email address isn't found, but we are encrypting to email address. +auto-key-locate keyserver + # Use my key by default #default-key 0x4DB53CFE82A46728 # MKAYSIGREP # MKAYSIGREPGPG @@ -34,6 +37,7 @@ default-recipient-self # Use UTF-8 charset charset UTF-8 +display-charset utf-8 # use GPG Agent to avoid retyping passphrase very ofoten. use-agent @@ -41,15 +45,40 @@ use-agent # Do everything in ASCII format by default instead of binary armor -keyserver-options auto-key-retrieve no-include-revoked verbose #import-clean +keyserver-options auto-key-retrieve no-include-revoked verbose honor-keyserver-url #import-clean # Note to self: import-clean = delete signatures from unknown keys || import-minimal = remove all signatures from keys. -# Use other SHAs than SHA1 if possible. I think that everyone who I use GPG with use enough up-to-date version to support other SHAs than SHA1. +personal-cipher-preferences AES256,AES192,AES,CAST5,3DES personal-digest-preferences SHA512,SHA384,SHA256,SHA224,RIPEMD160,SHA1,MD5 +personal-compress-preferences BZIP2,ZLIB,ZIP + +# Default preferences +default-preference-list AES256,AES192,AES,CAST5,3DES SHA512,SHA384,SHA256,SHA224,RIPEMD160,SHA1,MD5 BZIP2,ZLIB,ZIP +default-keyserver-url hkp://pool.sks-keyservers.net + +# Forcing preferred settings even if it's against OpenPGP standards +#digest-algo SHA512 +#compress-algo BZIP2 + +no-allow-non-selfsigned-uid +no-ask-sig-expire +default-sig-expire 0 + +allow-multiple-messages # Show the LONG KEYID by default and tell that it's hexadecimal string. keyid-format 0xLONG +# Use Eye Of Gnome as default image viewer +photo-viewer eog %i + +# The default to use for the check level when signing a key. +default-cert-level 2 + +lock-multiple + +expert + # Add comments to things signed/encrypted by gpg #comment Homepage: http://mkaysi.github.com/ # MKAYSIGREP MKAYSIGREPGPG #comment Public key: http://mkaysi.github.com/PGP/0x82A46728.txt # MKAYSIGREP MKAYSIGREPGPG