aboutsummaryrefslogtreecommitdiff
path: root/gnupg
diff options
context:
space:
mode:
authorTom Ryder <tom@sanctum.geek.nz>2013-11-04 17:33:22 +1300
committerTom Ryder <tom@sanctum.geek.nz>2013-11-04 17:33:22 +1300
commit6af478dd526d9ec1edbc3fd4d4f9a68d67acf13a (patch)
tree95b2bc4ba4acee52d9af10501f0b20f9e284ef4d /gnupg
parentd1ba934f3b9dcf276d200e9b2fd2ec3ae465bb36 (diff)
downloaddotfiles-6af478dd526d9ec1edbc3fd4d4f9a68d67acf13a.tar.gz
dotfiles-6af478dd526d9ec1edbc3fd4d4f9a68d67acf13a.zip
Add commentary to the cryptic GnuPG conf file
Diffstat (limited to 'gnupg')
-rw-r--r--gnupg/gpg.conf34
1 files changed, 34 insertions, 0 deletions
diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
index 2173f954..aa63f256 100644
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf
@@ -1,16 +1,50 @@
+# Prevent boilerplate about needing key decryption, which is handled by the
+# agent; occasionally this needs to be overriden with --no-batch. I like my
+# programs to be as quiet as possible unless I specifically ask them otherwise
batch
+
+# Use SHA512 as the hash when making key signatures
cert-digest-algo SHA512
+
+# Specify the hash algorithms to be used for new keys as available
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+
+# In the absence of any other recipient, encrypt messages for myself
default-recipient-self
+
+# Show complete dates and use proper column separation for --with-colon listing mode
fixed-list-mode
+
+# Use 16-character key IDs as the default 8-character key IDs can be forged
keyid-format 0xlong
+
+# Use a pool of servers which support HKPS (encrypted key retrieval)
keyserver hkps://hkps.pool.sks-keyservers.net
+
+# Retrieve keys automatically; check the keyserver port cert; use whichever
+# server is proffered from the pool
keyserver-options auto-key-retrieve check-cert no-honor-keyserver-url
+
+# Include trust/validity for UIDs in listings
list-options show-uid-validity
+
+# Suppress the copyright message
no-greeting
+
+# Use SHA512 as my message digest, overriding GnuPG's efforts to use the lowest
+# common denominator in hashing algorithms
personal-digest-preferences SHA512
+
+# Suppress a lot of output; sometimes I add --verbose to undo this
quiet
+
+# Use the GPG agent for key management and decryption
use-agent
+
+# Include trust/validity for UIDs when verifying signatures
verify-options show-uid-validity
+
+# Assume "yes" is the answer to most questions, that is, don't keep asking me
+# to confirm something I've asked to be done
yes