[GPG] Add a more secure default, source: https://musigma.blog/2021/05/09/gpg-ssh-ed25519.html
parent
e6b7025ae1
commit
9503ec48e4
@ -43,3 +43,5 @@
|
|||||||
instructionFormat = "(%an <%ae>) %s"
|
instructionFormat = "(%an <%ae>) %s"
|
||||||
[status]
|
[status]
|
||||||
showUntrackedFiles = all
|
showUntrackedFiles = all
|
||||||
|
[commit]
|
||||||
|
gpgSign = true
|
||||||
|
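Review bot: `gpgSign = true` is added under `[commit]` with no `user.signingKey` visible, so git will choose the signing key by matching the committer identity. Every commit will then fail on a machine where no matching secret key or working pinentry is available. Only lines 43–47 of what appears to be the git config are shown, so the key may be pinned elsewhere; if it is not, add `signingKey = <KEY-FINGERPRINT-PLACEHOLDER>` under `[user]` so the signing identity is explicit. This setting does not cover tags; `[tag]` with `gpgSign = true` would be the matching addition if signed tags are wanted.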
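--- a/gnupg/.gnupg/gpg-agent.conf
+++ b/gnupg/.gnupg/gpg-agent.conf
@@ -0,0 +1,3 @@
+enable-ssh-support
+default-cache-ttl-ssh 3600
+max-cache-ttl-ssh 3600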
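Review bot: The three directives in the new gpg-agent.conf carry no comments, and the cache lifetime they set is the security-relevant part. Both TTLs are in seconds, and because `default-cache-ttl-ssh` equals `max-cache-ttl-ssh`, an unlocked SSH key stays usable without a passphrase prompt for up to one hour after it is first unlocked. I would add `# SSH key passphrase cache: 3600 s (1 h) hard cap; lower on shared or unattended machines` above the two TTL lines. `enable-ssh-support` also only takes effect for ssh clients once `SSH_AUTH_SOCK` points at the agent's ssh socket (`gpgconf --list-dirs agent-ssh-socket`), which this commit does not show being set, so a comment naming that prerequisite would help.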
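--- a/gnupg/.gnupg/gpg.conf
+++ b/gnupg/.gnupg/gpg.conf
@@ -0,0 +1,46 @@
+# https://github.com/drduh/config/blob/master/gpg.conf
+# https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html
+# https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html
+# As explained in https://illuad.fr/2020/10/06/build-an-openpgp-key-based-on-ecc.html
+# Use AES256, 192, or 128 as cipher
+personal-cipher-preferences AES256 AES192 AES
+# Use SHA512, 384, or 256 as digest
+personal-digest-preferences SHA512 SHA384 SHA256
+# Use ZLIB, BZIP2, ZIP, or no compression
+personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
+# Default preferences for new keys
+default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
+# SHA512 as digest to sign keys
+cert-digest-algo SHA512
+# SHA512 as digest for symmetric ops
+s2k-digest-algo SHA512
+# AES256 as cipher for symmetric ops
+s2k-cipher-algo AES256
+# UTF-8 support for compatibility
+charset utf-8
+# Show Unix timestamps
+fixed-list-mode
+# No comments in signature
+no-comments
+# No version in output
+no-emit-version
+# Disable banner
+no-greeting
+# Long hexidecimal key format
+keyid-format 0xlong
+# Display UID validity
+list-options show-uid-validity
+verify-options show-uid-validity
+# Display all keys and their fingerprints
+with-fingerprint
+# Display key origins and updates
+#with-key-origin
+# Cross-certify subkeys are present and valid
+require-cross-certification
+# Disable caching of passphrase for symmetrical ops
+no-symkey-cache
+# Disable recipient key ID in messages
+throw-keyids
+# Enable smartcard
+use-agent
+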
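Review bot: The comment `# Enable smartcard` above `use-agent` at the end of gpg.conf does not describe what the option does. On GnuPG 2.x the agent is always used and `use-agent` is accepted only as a no-op, so the line has no bearing on smartcard support; `# No-op on GnuPG 2.x (agent is always used); only meaningful for 1.4` would be accurate. `fixed-list-mode` is likewise obsolete on current 2.x releases and could carry the same kind of remark. `throw-keyids` does change behaviour and deserves a caveat such as `# Hides recipient key IDs; recipients must try every secret key to decrypt, which is slower and can confuse some clients`.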