gpg.conf: settings for security and compatibility

gnupgpack at on.yourweb.de gnupgpack at on.yourweb.de
Tue Nov 25 09:31:30 CET 2014


Hello to all,
my newbie post...

I am struggling with gpg.conf for GnuPG-Pack-14.11.x (gpg 1.4.18).

Dealing with encryption should be secure; cross-mailer interoperability and
compatibility should be maximized between PGP/GnuPG/GPG/OpenPGP and different
OSes (Win/Mac/Linux).

There are some known hash size problems with Debian (no SHA 512), so SHA256
will be used.

Newer SmartCards accept keysize <= 3072 bit. 

The key is divided into:
masterkey C (RSA4096)
subkey A (RSA3072)
subkey E (RSA3072)
subkey S (DSA3072, smaller sig!) 

Suggestion for gpg.conf (pls optimize, I am a newbie...):

fixed-list-mode
# keyserver hkp://eu.pool.sks-keyservers.net
# default-keyserver-url hkp://eu.pool.sks-keyservers.net
expert
enable-large-rsa
s2k-count 1000000
s2k-digest-algo SHA256
s2k-cipher-algo AES256
cert-digest-algo SHA256
digest-algo SHA256
personal-cipher-preferences AES256 TWOFISH AES192 AES CAST5 3DES
personal-digest-preferences SHA256 SHA384 SHA512 SHA224
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
default-preference-list SHA256 SHA384 SHA512 SHA224 AES256 TWOFISH AES192 AES CAST5 3DES ZLIB BZIP2 ZIP Uncompressed
no-emit-version
use-agent
verify-options show-uid-validity,show-notations,show-policy-urls,show-keyserver-urls
list-options show-uid-validity,show-notations,show-policy-urls,show-keyserver-urls,show-sig-expire

Is there a proven gpg.conf out there?

Thanks, best regards, @g.
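
An added example, not part of the original post and not GnuPG code: gpg reads each option from a single line of gpg.conf, so a config that a mail client or list archive has hard-wrapped no longer parses as intended. This Python check flags such lines before the file is used; the `KNOWN` set covers only the option names used in the post (an assumption, not gpg's full option list), and the sample input is constructed.

```python
# Added example: lint a gpg.conf for options broken across lines.
# KNOWN lists only the option names that appear in the post (not gpg's full set).
FLAGS = {"fixed-list-mode", "expert", "enable-large-rsa",
         "no-emit-version", "use-agent"}
NEEDS_VALUE = {
    "keyserver", "default-keyserver-url", "s2k-count", "s2k-digest-algo",
    "s2k-cipher-algo", "cert-digest-algo", "digest-algo",
    "personal-cipher-preferences", "personal-digest-preferences",
    "personal-compress-preferences", "default-preference-list",
    "verify-options", "list-options",
}
KNOWN = FLAGS | NEEDS_VALUE

def lint(text):
    """Return (options, problems): options maps name -> argument tokens,
    problems is a list of (line_number, message)."""
    options, problems, last = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        name, *args = line.split()
        if name not in KNOWN:
            # A wrapped value shows up as a line starting with a non-option token.
            hint = f"; wrapped continuation of '{last}'?" if last else ""
            problems.append((n, f"unknown option '{name}'{hint}"))
            continue
        if name in NEEDS_VALUE and not args:
            problems.append((n, f"'{name}' has no value on its own line"))
        options[name] = args
        last = name
    return options, problems

# Constructed sample: two options hard-wrapped the way a mail client would.
SAMPLE = """\
digest-algo SHA256
default-preference-list SHA256 SHA384 SHA512 SHA224 AES256 TWOFISH AES192
AES CAST5 3DES ZLIB BZIP2 ZIP Uncompressed
no-emit-version
list-options
show-uid-validity,show-notations
"""

if __name__ == "__main__":
    opts, probs = lint(SAMPLE)
    for lineno, msg in probs:
        print(f"line {lineno}: {msg}")
```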



