From 5fb7799f2105cbd307a9fef28b3235f4f30a6a52 Mon Sep 17 00:00:00 2001 From: drduh Date: Sat, 12 Apr 2025 10:27:19 -0700 Subject: [PATCH] include gpg configs --- config/gpg-agent.conf | 13 ++++++++ config/gpg.conf | 70 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 config/gpg-agent.conf create mode 100644 config/gpg.conf diff --git a/config/gpg-agent.conf b/config/gpg-agent.conf new file mode 100644 index 0000000..ffd789c --- /dev/null +++ b/config/gpg-agent.conf @@ -0,0 +1,13 @@ +# https://github.com/drduh/YubiKey-Guide/blob/master/config/gpg-agent.conf +# https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html +enable-ssh-support +ttyname $GPG_TTY +default-cache-ttl 60 +max-cache-ttl 120 +pinentry-program /usr/bin/pinentry-curses +#pinentry-program /usr/bin/pinentry-gnome3 +#pinentry-program /usr/bin/pinentry-tty +#pinentry-program /usr/bin/pinentry-x11 +#pinentry-program /usr/local/bin/pinentry-curses +#pinentry-program /usr/local/bin/pinentry-mac +#pinentry-program /opt/homebrew/bin/pinentry-mac diff --git a/config/gpg.conf b/config/gpg.conf new file mode 100644 index 0000000..5718231 --- /dev/null +++ b/config/gpg.conf @@ -0,0 +1,70 @@ +# https://github.com/drduh/YubiKey-Guide/blob/master/config/gpg.conf +# https://www.gnupg.org/documentation/manuals/gnupg/GPG-Options.html +# 'gpg --version' to get capabilities +# Use AES256, 192, or 128 as cipher +personal-cipher-preferences AES256 AES192 AES +# Use SHA512, 384, or 256 as digest +personal-digest-preferences SHA512 SHA384 SHA256 +# Use ZLIB, BZIP2, ZIP, or no compression +personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed +# Default preferences for new keys +default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed +# SHA512 as digest to sign keys +cert-digest-algo SHA512 +# SHA512 as digest for symmetric ops +s2k-digest-algo SHA512 +# AES256 as cipher for symmetric ops +s2k-cipher-algo AES256 +# UTF-8 support for compatibility +charset utf-8 +# No comments in messages +no-comments +# No version in output +no-emit-version +# Disable banner +no-greeting +# Long key id format +keyid-format 0xlong +# Display UID validity +list-options show-uid-validity +verify-options show-uid-validity +# Display all keys and their fingerprints +with-fingerprint +# Display key origins and updates +#with-key-origin +# Cross-certify subkeys are present and valid +require-cross-certification +# Enforce memory locking to avoid accidentally swapping GPG memory to disk +require-secmem +# Disable caching of passphrase for symmetrical ops +no-symkey-cache +# Output ASCII instead of binary +armor +# Enable smartcard +use-agent +# Disable recipient key ID in messages (WARNING: breaks Mailvelope) +throw-keyids +# Default key ID to use (helpful with throw-keyids) +#default-key 0xFF00000000000001 +#trusted-key 0xFF00000000000001 +# Group recipient keys (preferred ID last) +#group keygroup = 0xFF00000000000003 0xFF00000000000002 0xFF00000000000001 +# Keyserver URL +#keyserver hkps://keys.openpgp.org +#keyserver hkps://keys.mailvelope.com +#keyserver hkps://keyserver.ubuntu.com:443 +#keyserver hkps://pgpkeys.eu +#keyserver hkps://pgp.circl.lu +#keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion +# Keyserver proxy +#keyserver-options http-proxy=http://127.0.0.1:8118 +#keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050 +# Enable key retrieval using WKD and DANE +#auto-key-locate wkd,dane,local +#auto-key-retrieve +# Trust delegation mechanism +#trust-model tofu+pgp +# Show expired subkeys +#list-options show-unusable-subkeys +# Verbose output +#verbose