From a4b17a9af86ab88cfe48e616284b56c1bdf019bd Mon Sep 17 00:00:00 2001 From: Tom Ryder Date: Fri, 29 Dec 2017 13:02:15 +1300 Subject: Remove --batch option and wrapper for gpg(1) This was originally added to cut the decryption boilerplate, which no longer seems to be an issue; I think that --quiet may be correctly blocking it now. Even without this, it caused more problems than it solved when gpg(1) genuinely did need user interaction from me, for example for --update-trustdb. --- gnupg/gpg.conf.mi5 | 5 ----- 1 file changed, 5 deletions(-) (limited to 'gnupg/gpg.conf.mi5') diff --git a/gnupg/gpg.conf.mi5 b/gnupg/gpg.conf.mi5 index 1617a979..74363441 100644 --- a/gnupg/gpg.conf.mi5 +++ b/gnupg/gpg.conf.mi5 @@ -1,11 +1,6 @@ # Retrieve certs automatically if possible auto-key-locate cert pka -# Prevent boilerplate about needing key decryption, which is handled by the -# agent; the gpg function in my Bash scripts overrides this for certain -# commands where it interferes -batch - # Use SHA512 as the hash when making key signatures cert-digest-algo SHA512 -- cgit v1.2.3 From 78b3e38915bbca43c0ff66d1d20c87e08ad0a8cb Mon Sep 17 00:00:00 2001 From: Tom Ryder Date: Fri, 29 Dec 2017 13:52:30 +1300 Subject: Use only fingerprints for GnuPG keys The manual page for gpg(1) says this is the safest way to do it. --- gnupg/gpg.conf.mi5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnupg/gpg.conf.mi5') diff --git a/gnupg/gpg.conf.mi5 b/gnupg/gpg.conf.mi5 index 74363441..c3f80b7e 100644 --- a/gnupg/gpg.conf.mi5 +++ b/gnupg/gpg.conf.mi5 @@ -13,8 +13,8 @@ default-recipient-self # Show complete dates and use proper column separation for --with-colon listing mode fixed-list-mode -# Use 16-character key IDs as the default 8-character key IDs can be forged -keyid-format 0xlong +# Use only fingerprints as key IDs +keyid-format none # Use a pool of servers which support HKPS (encrypted key retrieval) keyserver <% KEYSERVER %> -- cgit v1.2.3