dotfiles
# ~/.gitconfig — read by git(1). git-config dialect: section and key names are
# case-insensitive, both '#' and ';' start comments, and backslash escapes
# (\\, \", \n, \t) are processed inside values.

[user]
	name = Jeffry Angtoni
	email = [email protected]
	# Signing key is added once the GPG key has been generated. A trailing '!'
	# pins that exact (sub)key instead of letting gpg choose one.
	# signingKey = 4BB6D45482678BE3!

[core]
	editor = vim
	# Line-ending conversion: 'true' (LF -> CRLF on checkout, CRLF -> LF on
	# commit) is meant for Windows; on Linux/macOS use 'input' so files in the
	# working tree are left untouched.
	autocrlf = true

[color]
	ui = auto

[diff]
	# Show the submodule's commit log in diffs rather than only the SHA pair.
	submodule = log

[status]
	# Include a summary of submodule changes in 'git status'.
	submodulesummary = 1

[grep]
	# 'git grep' defaults: POSIX ERE syntax and line numbers in the output.
	extendedRegexp = true
	lineNumber = true

[log]
	abbrevCommit = true

[push]
	# Push the submodule commits a superproject commit references before the
	# superproject itself; fetch recurses on the same condition (see [fetch]).
	recurseSubmodules = on-demand

[fetch]
	recurseSubmodules = on-demand

# Enabled once the GPG key exists; signs every commit automatically.
#[commit]
#	gpgSign = true

[alias]
	# Print every alias. git's escape processing turns '\\' into a single
	# backslash, so the regexp handed to 'config' is '^alias\.'.
	aliases = config --get-regexp '^alias\\.'
	# Safer force-push: refuses if the remote ref moved since it was last seen.
	push-with-lease = push --force-with-lease
	reword = commit --amend
	# Submodule helpers: initial checkout, then update-and-merge / -rebase
	# against the remote-tracking branch.
	sinit = submodule update --init --recursive
	supdatem = submodule update --remote --merge
	supdater = submodule update --remote --rebase
# ╔═══════════════════════════════════════════════════════════════════════════╗
# ║ dirmngr configuration (~/.gnupg/dirmngr.conf)                             ║
# ║                                                                           ║
# ║ Since GnuPG 2.1 dirmngr takes care of OpenPGP keyservers.                 ║
# ║ Save this file as ~/.gnupg/dirmngr.conf, or somewhere else and specify    ║
# ║ its location with the '--options <file>' option.                          ║
# ╚═══════════════════════════════════════════════════════════════════════════╝
# This is the server to communicate with in order to receive keys (--recv-keys)
# from, send keys (--send-keys) to, and search for keys (--search-keys).
# hkps:// means every request goes over TLS. keys.openpgp.org is a verifying
# keyserver: it only publishes user IDs whose e-mail address was confirmed and
# does not distribute third-party certifications, so web-of-trust signatures
# have to be obtained from another source if you rely on them.
keyserver hkps://keys.openpgp.org
# ╔═══════════════════════════════════════════════════════════════════════════╗
# ║ gpg-agent configuration (~/.gnupg/gpg-agent.conf)                         ║
# ║                                                                           ║
# ║ Note:                                                                     ║
# ║ After changing the configuration, reload the agent:                       ║
# ║   $ gpg-connect-agent reloadagent /bye                                    ║
# ╚═══════════════════════════════════════════════════════════════════════════╝
# Time a cache entry is valid (in seconds) default: 600 (10 minutes)
# Each time a cache entry is accessed, the entry's timer is reset, up to the
# hard limit set by max-cache-ttl. SSH keys are timed separately through
# default-cache-ttl-ssh / max-cache-ttl-ssh (see gpg-agent(1) for defaults).
default-cache-ttl 600

# Select PIN entry program (qt, curses, gnome3,...)
# On Gentoo Linux: see also 'eselect pinentry list'
# pinentry-curses needs a controlling terminal. A passphrase prompt triggered
# by an SSH client inside a graphical session without a TTY may therefore not
# appear at all; pick a GUI pinentry if that is a common case.
#pinentry-program /usr/bin/pinentry-tty
pinentry-program /usr/bin/pinentry-curses
#pinentry-program /usr/bin/pinentry-gnome3

# Allow clients to use the loopback pinentry features, i.e. supply the
# passphrase over the agent protocol ('gpg --pinentry-mode loopback') instead
# of through a pinentry dialog. Recent GnuPG releases enable this by default;
# keeping the line makes the behaviour explicit.
allow-loopback-pinentry

# Use GnuPG agent for SSH keys (instead of ssh-agent).
# Keys are authorised with 'ssh-add' and listed in ~/.gnupg/sshcontrol.
# Note: Make sure that gpg-agent is always started with login.
#
# This can be done by adding the following to ~/.bashrc:
#   # Start gpg-agent if not already running
#   if ! pgrep -x -u "${USER}" gpg-agent &> /dev/null; then
#       gpg-connect-agent /bye &> /dev/null
#   fi
#
# Additionally add:
#   # Set SSH to use gpg-agent (see 'man gpg-agent', section EXAMPLES)
#   unset SSH_AGENT_PID
#   if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
#       # export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
#       export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
#   fi
#
#   # Set GPG TTY as stated in 'man gpg-agent'
#   export GPG_TTY=$(tty)
#
#   # Refresh gpg-agent tty in case user switches into an X session
#   gpg-connect-agent updatestartuptty /bye > /dev/null
#
# For more details, see https://wiki.archlinux.org/title/GnuPG#SSH_agent
enable-ssh-support
# ╔═══════════════════════════════════════════════════════════════════════════╗
# ║ gpg configuration (~/.gnupg/gpg.conf)                                     ║
# ║                                                                           ║
# ║ This options file can contain any long options which are available in     ║
# ║ GnuPG. See gpg(1) for a full list of options.                             ║
# ║                                                                           ║
# ║ Also useful: https://riseup.net/en/gpg-best-practices                     ║
# ║                                                                           ║
# ║ Note: Since GnuPG 2.1 some keyserver options have been moved to dirmngr   ║
# ╚═══════════════════════════════════════════════════════════════════════════╝

# ┌───────────────────────────────────────────────────────────────────────────┐
# │ Default key and recipient                                                 │
# └───────────────────────────────────────────────────────────────────────────┘
# If you have more than one secret key in your keyring, you may want to
# uncomment the following option and set your preferred keyid.
# Prefer the full fingerprint over a short ID to avoid ambiguity; append '!'
# to force a specific subkey (the placeholder stands for the key with the S
# capability).
#default-key [key_with_flag_S]
# If you do not pass a recipient to gpg, it will ask for one. Using this option
# you can encrypt to a default key. Key validation will not be done in this
# case. The second form uses the default key as default recipient.
#default-recipient [key_with_flag_E]
#default-recipient-self
# ┌───────────────────────────────────────────────────────────────────────────┐
# │ Behavior                                                                  │
# └───────────────────────────────────────────────────────────────────────────┘
# Get rid of the copyright notice
no-greeting
# Disable comment string in clear text signatures and ASCII armored messages
no-comments
# Disable inclusion of the version string in ASCII armored output
# (together with no-comments this removes metadata that identifies the
# software used to produce a message)
no-emit-version
# Select how to display key IDs: none|short|long|0xshort|0xlong
# Short IDs are only 32 bits and easy to collide, so never use them to
# identify a key; 0xlong makes the longer form the default everywhere.
keyid-format 0xlong
# List keys with their fingerprints
with-fingerprint
# If a fingerprint is printed for the primary key, this option forces printing of the fingerprint for all subkeys.
with-subkey-fingerprint
# Display the calculated validity of the user IDs during key listings
list-options show-uid-validity
verify-options show-uid-validity
# Turn "From" into "> From", in order to play nice with UNIX mailboxes.
escape-from-lines
# When verifying a signature made from a subkey, require that the
# cross-certification "back signature" on the subkey is present and valid.
# (Already the default in current GnuPG; kept so the intent is explicit.)
require-cross-certification
# Use GnuPG Agent (gpg-agent) for secret key management.
# Note: since GnuPG 2.1 the agent is always used and this option is a no-op
# kept for compatibility with older versions.
use-agent
# Disable the passphrase cache used for symmetrical en- and decryption.
no-symkey-cache
# Do not automatically locate and retrieve keys as needed.
no-auto-key-locate
# Disable the automatic retrieving of keys from a keyserver when verifying signatures made by keys that are not on the local keyring.
# (Together these keep gpg from contacting the network on its own; keys are
# only fetched on explicit request, e.g. --recv-keys / --locate-keys.)
no-auto-key-retrieve
# Do not put the recipient key IDs into encrypted messages.
# This helps to hide the receivers of the message and is a limited countermeasure against traffic analysis.
# Trade-off: a recipient's gpg has to try each available secret key (possibly
# prompting for several passphrases) to find the matching one, and some mail
# clients and smartcard setups cope poorly with hidden recipients — confirm
# with the tooling your correspondents use.
throw-keyids
# ┌───────────────────────────────────────────────────────────────────────────┐
# │ Algorithms and ciphers                                                    │
# └───────────────────────────────────────────────────────────────────────────┘
# List of personal digest preferences. When multiple digests are supported by
# all recipients, choose the strongest one
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
# List of personal cipher preferences. When multiple ciphers are supported by
# all recipients, choose the strongest one
personal-cipher-preferences AES256 AES192 AES CAMELLIA256 CAMELLIA192 CAMELLIA128
# List of personal compression preferences. When multiple compressions are
# supported by all recipients, choose the optimized one
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
# Preference list used for new keys. It becomes the default for "setpref" in the
# edit menu
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAMELLIA256 CAMELLIA192 CAMELLIA128 ZLIB BZIP2 ZIP Uncompressed
# Message digest algorithm used when signing a key
cert-digest-algo SHA512
# Never allow the use of name as cipher algorithm.
# The given name will not be checked so that a later loaded algorithm will still get disabled.
# Caveat: RFC 4880 designates 3DES as the implicit fallback cipher every
# implementation supports. With it disabled, encrypting to keys whose
# preferences list nothing stronger, and decrypting older 3DES-encrypted
# data, may fail — verify against the keys you actually exchange data with.
disable-cipher-algo 3DES
# Treat the specified digest algorithm as weak.
# Signatures made over weak digest algorithms are normally rejected.
# Caveat: this also covers self-signatures and certifications on older keys
# that were made with SHA-1; such keys may then show up as invalid/unusable.
weak-digest SHA1
# S2K Mode: Use a specified algorithm as the symmetric cipher for encrypting private keys.
# Note: in GnuPG 2.1+ the s2k-* options here apply to symmetric encryption
# (-c) and to exported secret keys; keys stored under gpg-agent are protected
# by the agent's own S2K settings (see gpg-agent(1)) — confirm for your version.
s2k-cipher-algo AES256
# S2K Mode: Set the message digest algorithm for mangling passphrases protecting private keys.
s2k-digest-algo SHA512
# S2K Mode: Sets how passphrases are mangled.
# 0: Simple (hash applied one time to password)
# 1: Salted (hash applied one time to password+8 byte salt)
# 3: Iterated and salted (hash applied chosen number of times to password+8 byte salt)
s2k-mode 3
# S2K Mode: Sets number of rounds this hash function will be applied.
# It supports from 1024 to 65011712.
# The maximum is chosen on purpose: it slows offline guessing of the
# passphrase, at the cost of a noticeable delay on every passphrase use.
s2k-count 65011712
# ┌───────────────────────────────────────────────────────────────────────────┐
# │ Key servers                                                               │
# └───────────────────────────────────────────────────────────────────────────┘
# Keyserver-related options that stay in gpg; the server itself is configured
# in dirmngr.conf. gpg appears to accumulate repeated keyserver-options lines,
# so the two below could also be written as one space-separated list — verify
# on your version if you change this.
# When using --refresh-keys, if the key in question has a preferred keyserver
# URL, then disable use of that preferred keyserver to refresh the key from
# (refreshes always go to the configured server instead of one chosen by
# whoever created the key).
keyserver-options no-honor-keyserver-url
# When searching for a key with --search-keys, include keys that are marked on
# the keyserver as revoked
keyserver-options include-revoked
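#!/usr/bin/sh
# ╔═══════════════════════════════════════════════════════════════════════════╗
# ║ GnuPG configuration                                                       ║
# ║ Use GnuPG's gpg-agent(1) for SSH keys instead of ssh-agent(1)             ║
# ║                                                                           ║
# ║ This file needs to be sourced by ~/.bashrc (or similar) if gpg-agent is   ║
# ║ used instead of ssh-agent for SSH keys.                                   ║
# ║                                                                           ║
# ║ If this is not the case, adding "export GPG_TTY=$(tty)" to ~/.bashrc is   ║
# ║ enough.                                                                   ║
# ╚═══════════════════════════════════════════════════════════════════════════╝
# Notes:
#
# - There seems to be a bug when gpg(1) is used for the first time to
#   generate a key while the gpg-agent daemon is already running, for example,
#   because this script launched the agent. Therefore, before the very first key
#   is generated make sure that gpg-agent is not running, or the following error
#   shows up:
#
#     gpg: agent_genkey failed: No such file or directory
#
# - All GnuPG tools start the gpg-agent as needed. This is not possible for the
#   SSH support because SSH doesn't know about it. Thus, if no GnuPG tool which
#   accesses the agent has been run, SSH won't be able to use gpg-agent for
#   authentication. So, we have to make sure that gpg-agent is always started
#   with login.
#
# - Once gpg-agent is running use ssh-add to approve keys, following the same
#   steps as for ssh-agent. The list of approved keys is stored in the
#   ~/.gnupg/sshcontrol file. Once a key is approved, a pinentry dialog pops up
#   every time a passphrase is needed.
#
# - The shebang says sh, and the file may be sourced by a shell that is not
#   bash, so only POSIX syntax is used. In particular '&>' is bash-only: a
#   POSIX shell such as dash reads 'cmd &> file' as 'cmd &' (background job)
#   followed by a bare redirection, so the pgrep result would no longer decide
#   the branch and the commands would be backgrounded.

# Start gpg-agent if not already running. $USER is not guaranteed to be set in
# every login path, so fall back to id(1) for the owner filter.
if ! pgrep -x -u "${USER:-$(id -un)}" gpg-agent > /dev/null 2>&1; then
    gpg-connect-agent /bye > /dev/null 2>&1
fi

# Set SSH to use gpg-agent [see gpg-agent(1), section EXAMPLES]. The test is
# needed if the agent is started as 'gpg-agent --daemon /bin/sh', in which case
# the shell inherits SSH_AUTH_SOCK from the parent, gpg-agent.
# gpgconf is asked for the socket path so the location also works when the
# socket lives under /run/user/<uid>/gnupg instead of ~/.gnupg.
unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne "$$" ]; then
    SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
    export SSH_AUTH_SOCK
fi

# Always set GPG_TTY so pinentry knows which terminal to prompt on.
GPG_TTY="$(tty)"
export GPG_TTY

# Refresh gpg-agent TTY in case user switches into an X session. If the user
# needs to be prompted for a passphrase, which is necessary for decrypting the
# stored key, the ssh-agent protocol does not contain a mechanism for telling
# the agent on which display/terminal it is running. gpg-agent's ssh-support
# will therefore use the TTY or X display where gpg-agent has been started. To
# switch this display to the current one, the following command may be used:
gpg-connect-agent updatestartuptty /bye > /dev/null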