| Commit message | Author | Age | Files | Lines |
| |
Old versions of gpg(1) don't support "none" as a --keyid-format; allow
specifying it as a Makefile variable KEYID_FORMAT.
| |
The manual page for gpg(1) says this is the safest way to do it.
| |
This was originally added to cut the decryption boilerplate, which no
longer seems to be an issue; I think that --quiet may be correctly
blocking it now. Even without this, it caused more problems than it
solved when gpg(1) genuinely did need user interaction from me, for
example for --update-trustdb.
| |
> gpg: keyserver option 'check-cert' is obsolete
> gpg: keyserver option 'ca-certfile' is unknown
> gpg (GnuPG) 2.1.18
> libgcrypt 1.7.6-beta
> Copyright (C) 2017 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Home: /home/tom/.gnupg
> Supported algorithms:
> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
> CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
| |
mi5(1df) means I can simplify these quite a bit now
| |
Along with accompanying Makefile rules and .gitignorances
| |
<https://sks-keyservers.net/verify_tls.php>
| |
We have to do this because gpg.conf doesn't understand tilde or
environment variable expansion in the configuration file, and the only
reliable way to make the ca-cert-file option work between different
implementations of gpg(1) and its cURL link is to explicitly specify the
path to the CA file.

This is probably a better approach than installing the thing as a
trusted system CA anyway, which requires root privileges that I don't
really want to assume anyone installing this has.

I'm also including the CA, CRL, and .pem for the SKS keyservers in this
commit. This seems a lesser evil than trying to pull them with cURL or
wget at make(1) time.
| |
<https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#consider-making-your-default-keyserver-use-a-keyse>

The keyserver pool CA needs to be installed for this to work. On Debian:

    # curl https://sks-keyservers.net/sks-keyservers.netCA.pem \
        > /usr/local/share/ca-certificates/sks-keyservers.netCA.crt
    # update-ca-certificates
| |
<https://we.riseup.net/riseuplabs+paow/openpgp-best-practices>