gpg.conf recommendations (FAQ improvement) was: GnuPG 1.4.19 - Encryption Questions

Bernhard Reiter bernhard at intevation.de
Tue Aug 16 15:00:00 CEST 2016


Just noticed that the FAQ (and documentation) could be improved
to recommend some gpg.conf options:

Am Montag, 23. März 2015 18:46:53 schrieb Werner Koch:
> On Mon, 23 Mar 2015 17:29, CRivard at merkleinc.com said:
> > Question though - the gpg.conf file is optional?   If I want one I must
> > create it?
>
> Yes, it is optional.  If you have more than one key it is advisable to
> create one and add
>
> --8<---------------cut here---------------start------------->8---
> default-key 1234567812345678
> encrypt-to  1234567812345678
> keyid-format long
> keyserver hkp://keys.gnupg.net
> --8<---------------cut here---------------end--------------->8---
>
> So that gpg knows which is your default key (in this example the one
> with key id 1234567812345678), to which key all messages shall be
> encrypted in addition to the recipients (so that you can decrypt your
> own mails), that a keyserver shall be used, and finally to use the long
> keyid format.
>
> Depending on the mail program, you need to add an encrypt-to in any
> case.

So 
   keyid-format long
seems to be a general recommendation for a gpg.conf.
Reason: collisions with 32bit pubkey-ids, see evil32.com.
Drawback: possibly may break some scripts (*)?

And the FAQ should pick this up, the current version has 
| 8.7 What options should I put in my configuration file?
|
|The good news is, you really shouldn’t need to.
https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf

I could not find this recommendation in the texinfo manual.

(*) Was it discussed somewhere, which tools are affected, btw? 

Best,
Bernhard


-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160816/64d39506/attachment.sig>


More information about the Gnupg-users mailing list