Diffstat (limited to 'libre/pacman/gpg.conf')
-rw-r--r--libre/pacman/gpg.conf50
1 files changed, 50 insertions, 0 deletions
diff --git a/libre/pacman/gpg.conf b/libre/pacman/gpg.conf
new file mode 100644
index 000000000..7fc6fc661
--- /dev/null
+++ b/libre/pacman/gpg.conf
@@ -0,0 +1,50 @@
+# pacman-key default options
+no-greeting
+no-permission-warning
+lock-never
+keyserver-options timeout=20
+
+# From duraconf
+# personal digest preferences
+personal-digest-preferences SHA512
+
+# message digest algorithm used when signing a key
+cert-digest-algo SHA512
+
+# Set the list of default preferences to string.
+# used for new keys and default for "setpref"
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+
+# From
+# https://crabgrass.riseup.net/riseuplabs+paow/openpgp-best-practices
+# Only use secure keyservers
+keyserver hkps://hkps.pool.sks-keyservers.net
+keyserver-options ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem
+keyserver-options no-honor-keyserver-url
+
+# when outputting certificates, view user IDs distinctly from keys:
+fixed-list-mode
+
+# short-keyids are trivially spoofed; it's easy to create a long-keyid
+# collision; if you care about strong key identifiers, you always want
+# to see the fingerprint:
+keyid-format 0xlong
+fingerprint
+
+# when multiple digests are supported by all recipients, choose the
+# strongest one:
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+
+# If you use a graphical environment (and even if you don't)
+# you should be using an agent: (similar arguments as
+# https://www.debian-administration.org/users/dkg/weblog/64)
+use-agent
+
+# You should always know at a glance which User IDs gpg thinks are
+# legitimately bound to the keys in your keyring:
+verify-options show-uid-validity
+list-options show-uid-validity
+
+# include an unambiguous indicator of which key made a signature: (see
+# http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
+sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g
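Review bot: The `keyserver-options ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem` line points into the invoking user's home directory, not into the GnuPG home that pacman-key operates on, and nothing visible in this hunk installs that PEM file. If the file is missing, the hkps pool certificate cannot be validated, so key fetches will presumably fail, or the option may be ignored depending on the gpg version. Either way the "Only use secure keyservers" intent is not reliably enforced. Reference a CA file that the package itself ships, e.g. `keyserver-options ca-cert-file=<ABSOLUTE_PATH_TO_PACKAGED_CA_PEM>` (placeholder path), and add a comment saying where that file comes from. Separately, `personal-digest-preferences` is set twice; the first `personal-digest-preferences SHA512` appears to be superseded by the later, longer list and could be dropped to avoid confusion.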