mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-11-22 11:19:22 +01:00
gpg.conf: trusted-key, cert levels, cert expiry
This commit is contained in:
parent
34c259c2ac
commit
ca1bebb094
@ -22,8 +22,10 @@
|
|||||||
|
|
||||||
# Use my key by default
|
# Use my key by default
|
||||||
local-user 0x99392F62BAE30723
|
local-user 0x99392F62BAE30723
|
||||||
|
trusted-key 0x99392F62BAE30723
|
||||||
# WTOP
|
# WTOP
|
||||||
#local-user 0xDC189FE6FA9BD685
|
#local-user 0xDC189FE6FA9BD685
|
||||||
|
#trusted-key 0xDC189FE6FA9BD685
|
||||||
|
|
||||||
# Ignore preferred keyserver
|
# Ignore preferred keyserver
|
||||||
keyserver-options no-honor-keyserver-url
|
keyserver-options no-honor-keyserver-url
|
||||||
@ -39,7 +41,6 @@ keyserver-options no-honor-keyserver-url
|
|||||||
auto-key-retrieve
|
auto-key-retrieve
|
||||||
auto-key-locate local,wkd
|
auto-key-locate local,wkd
|
||||||
|
|
||||||
|
|
||||||
# Encrypt to sender's key by default
|
# Encrypt to sender's key by default
|
||||||
default-recipient-self
|
default-recipient-self
|
||||||
|
|
||||||
@ -61,9 +62,18 @@ keyid-format 0xLONG
|
|||||||
with-fingerprint
|
with-fingerprint
|
||||||
with-wkd-hash
|
with-wkd-hash
|
||||||
|
|
||||||
# Ask everything
|
# I refuse to comment on GPG's weird scale how I have verified keys as
|
||||||
ask-cert-level
|
# I appear to disagree on the official meanings of 1-3.
|
||||||
|
# If I sign a key, I have verified it to best of my ability. Also
|
||||||
|
# apparently it doesn't have much meaning anyway https://debian-administration.org/users/dkg/weblog/98
|
||||||
|
no-ask-cert-level
|
||||||
|
default-cert-level 0
|
||||||
|
# Count also the persona signatures for WoT if someone has those.
|
||||||
|
min-cert-level 1
|
||||||
|
|
||||||
|
# Ask when signatures expire.
|
||||||
ask-cert-expire
|
ask-cert-expire
|
||||||
|
default-cert-expire 2y
|
||||||
|
|
||||||
# Copying https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults
|
# Copying https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults
|
||||||
# when outputting certificates, view user IDs distinctly from keys:
|
# when outputting certificates, view user IDs distinctly from keys:
|
||||||
|
16
gpg/gpg.conf
16
gpg/gpg.conf
@ -22,8 +22,11 @@
|
|||||||
|
|
||||||
# Use my key by default
|
# Use my key by default
|
||||||
#local-user 0x99392F62BAE30723 # MIKAELA_GREP # MIKAELA_GREP_GPG
|
#local-user 0x99392F62BAE30723 # MIKAELA_GREP # MIKAELA_GREP_GPG
|
||||||
|
#trusted-key 0x99392F62BAE30723 # MIKAELA_GREP # MIKAELA_GREP_GPG
|
||||||
|
|
||||||
# WTOP
|
# WTOP
|
||||||
#local-user 0xDC189FE6FA9BD685 # MIKAELA_GREP # MIKAELA_GREP_GPG
|
#local-user 0xDC189FE6FA9BD685 # MIKAELA_GREP # MIKAELA_GREP_GPG
|
||||||
|
#trusted-key 0xDC189FE6FA9BD685 # MIKAELA_GREP # MIKAELA_GREP_GPG
|
||||||
|
|
||||||
# Ignore preferred keyserver
|
# Ignore preferred keyserver
|
||||||
keyserver-options no-honor-keyserver-url
|
keyserver-options no-honor-keyserver-url
|
||||||
@ -61,9 +64,18 @@ keyid-format 0xLONG
|
|||||||
with-fingerprint
|
with-fingerprint
|
||||||
with-wkd-hash
|
with-wkd-hash
|
||||||
|
|
||||||
# Ask everything
|
# I refuse to comment on GPG's weird scale how I have verified keys as
|
||||||
ask-cert-level
|
# I appear to disagree on the official meanings of 1-3.
|
||||||
|
# If I sign a key, I have verified it to best of my ability. Also
|
||||||
|
# apparently it doesn't have much meaning anyway https://debian-administration.org/users/dkg/weblog/98
|
||||||
|
no-ask-cert-level
|
||||||
|
default-cert-level 0
|
||||||
|
# Count also the persona signatures for WoT if someone has those.
|
||||||
|
min-cert-level 1
|
||||||
|
|
||||||
|
# Ask when signatures expire.
|
||||||
ask-cert-expire
|
ask-cert-expire
|
||||||
|
default-cert-expire 2y
|
||||||
|
|
||||||
# Copying https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults
|
# Copying https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults
|
||||||
# when outputting certificates, view user IDs distinctly from keys:
|
# when outputting certificates, view user IDs distinctly from keys:
|
||||||
|
Loading…
Reference in New Issue
Block a user