Created
May 31, 2014 00:21
# when outputting certificates, view user IDs distinctly from keys:
fixed-list-mode
# short-keyids are trivially spoofed; it's easy to create a long-keyid collision; if you care about strong key identifiers, you always want to see the fingerprint:
keyid-format 0xlong
with-fingerprint
# when multiple digests are supported by all recipients, choose the strongest one:
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
# preferences chosen for new keys should prioritize stronger algorithms:
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
# If you use a graphical environment (and even if you don't) you should be using an agent:
# (similar arguments as https://www.debian-administration.org/users/dkg/weblog/64)
use-agent
# You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring:
verify-options show-uid-validity
list-options show-uid-validity
# include an unambiguous indicator of which key made a signature:
# (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
sig-notation [email protected]=%g
# when making an OpenPGP certification, use a stronger digest than the default SHA1:
cert-digest-algo SHA512
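
An added example, not part of the original gist: a small audit that reads a gpg.conf and reports where it departs from the key-ID, fingerprint, digest and UID-validity choices made above. The function names, the finding strings and the WEAK_SAMPLE input are constructed for illustration, and an unset option is treated as a finding because this file sets each one explicitly.

```python
STRONG = ("SHA512", "SHA384", "SHA256", "SHA224")   # digests this gpg.conf prefers
WEAK = ("MD5", "SHA1", "RIPEMD160")                 # older digests, recognised only to rank them

def parse_gpg_conf(text):
    """Map each option name to the list of argument strings given for it."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0].lstrip("-"), []).append(parts[1] if len(parts) > 1 else "")
    return opts

def first_digest(arg):
    # First digest name in a preference string (ciphers and compression are skipped).
    for tok in arg.upper().split():
        if tok in STRONG or tok in WEAK:
            return tok
    return None

def audit(text):
    """Return findings; an empty list means the file matches the choices above."""
    opts = parse_gpg_conf(text)
    out = []
    if opts.get("keyid-format", [""])[-1] not in ("long", "0xlong"):
        out.append("keyid-format: not long/0xlong")
    if "with-fingerprint" not in opts:
        out.append("with-fingerprint: not set")
    if opts.get("cert-digest-algo", [""])[-1].upper() not in STRONG:
        out.append("cert-digest-algo: not a SHA-2 digest")
    for name in ("personal-digest-preferences", "default-preference-list"):
        if first_digest(" ".join(opts.get(name, []))) not in STRONG:
            out.append(name + ": SHA-2 digest not ranked first")
    for name in ("verify-options", "list-options"):
        if "show-uid-validity" not in " ".join(opts.get(name, [])).split():
            out.append(name + ": show-uid-validity not set")
    return out

# Constructed sample of a weaker configuration (not from the gist).
WEAK_SAMPLE = (
    "keyid-format short\n"
    "personal-digest-preferences SHA1 SHA256\n"
    "cert-digest-algo SHA1\n"
    "verify-options show-uid-validity\n"
)

if __name__ == "__main__":
    print("\n".join(audit(WEAK_SAMPLE)))
```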