2017-12-29 | Allow specifying GnuPG --keyid-format at build | Tom Ryder | 1 file, -1/+1
Old versions of gpg(1) don't support "none" as a --keyid-format; allow specifying it as a Makefile variable KEYID_FORMAT.
2017-12-29 | Use only fingerprints for GnuPG keys | Tom Ryder | 1 file, -2/+2
The manual page for gpg(1) says this is the safest way to do it.
2017-12-29 | Remove --batch option and wrapper for gpg(1) | Tom Ryder | 1 file, -5/+0
This was originally added to cut the decryption boilerplate, which no longer seems to be an issue; I think that --quiet may be correctly blocking it now. Even without this, it caused more problems than it solved when gpg(1) genuinely did need user interaction from me, for example for --update-trustdb.
2017-06-25 | Remove deprecated keyserver options | Tom Ryder | 5 files, -85/+1
> gpg: keyserver option 'check-cert' is obsolete
> gpg: keyserver option 'ca-certfile' is unknown
> gpg (GnuPG) 2.1.18
> libgcrypt 1.7.6-beta
> Copyright (C) 2017 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Home: /home/tom/.gnupg
> Supported algorithms:
> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
> CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
2017-06-13 | Refactor m4 macro names | Tom Ryder | 1 file, -2/+2
mi5(1df) means I can simplify these quite a bit now
2017-06-02 | Use mi5 to make templated shell scripts | Tom Ryder | 1 file, -0/+0
2017-06-02 | Move existing .m4 to .m4.mi5 | Tom Ryder | 1 file, -1/+1
Along with accompanying Makefile rules and .gitignorances
2017-03-23 | Use consistent m4 prefix | Tom Ryder | 1 file, -2/+2
2017-01-26 | Allow specifying GnuPG keyserver | Tom Ryder | 1 file, -1/+1
2016-08-22 | Update SKS CRL | Tom Ryder | 1 file, -15/+16
2016-03-28 | Remove blank lines at end of files | Tom Ryder | 3 files, -3/+0
2015-12-01 | Fix some trailing spaces | Tom Ryder | 1 file, -1/+1
2014-11-13 | Generate gpg.conf from m4 template on make call | Tom Ryder | 5 files, -1/+85
We have to do this because gpg.conf doesn't understand tilde or environment variable expansion in the configuration file, and the only reliable way to make the ca-cert-file option work between different implementations of gpg(1) and its cURL link is to explicitly specify the path to the CA file. This is probably a better approach than installing the thing as a trusted system CA anyway, which requires root privileges that I don't really want to assume anyone installing this has. I'm also including the CA, CRL, and .pem for the SKS keyservers in this commit. This seems a lesser evil than trying to pull them with cURL or wget at make(1) time.
2014-03-31 | Do PKA lookups for keys | Tom Ryder | 1 file, -1/+4
2013-12-11 | Stop ``--batch'' breaking things for GnuPG | Tom Ryder | 1 file, -2/+2
2013-11-04 | Add commentary to the cryptic GnuPG conf file | Tom Ryder | 1 file, -0/+34
2013-10-30 | Retrieve keys over hkps:// per RiseUp guide | Tom Ryder | 1 file, -2/+2
<https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#consider-making-your-default-keyserver-use-a-keyse>

The keyserver pool CA needs to be installed for this to work. On Debian:

    # curl https://sks-keyservers.net/sks-keyservers.netCA.pem \
        > /usr/local/share/ca-certificates/sks-keyservers.netCA.crt
    # update-ca-certificates
2013-10-30 | Don't need to specify key ID, only using one now | Tom Ryder | 1 file, -1/+0
2013-10-11 | Add a few best practice settings | Tom Ryder | 1 file, -0/+4
2013-09-25 | Use closer PGP server | Tom Ryder | 1 file, -1/+1
2013-06-21 | Hold GnuPG keys for longer | Tom Ryder | 1 file, -2/+2
2013-06-03 | Make GPG work a little more quietly/transparently | Tom Ryder | 1 file, -0/+3
2013-05-31 | Add GnuPG configuration files | Tom Ryder | 2 files, -0/+13