rtfd/rtfd/public/gnupg/configure.rst
2021-12-11 15:32:21 +01:00

88 lines
1.3 KiB
ReStructuredText

Configure
=========
If up:
.. code:: shell
killall -9 gpg-agent
killall -9 dirmngr
wipe if needed
--------------
.. code:: shell
rm --force --recursive ~/.gnupg
mkdir -m 700 ~/.gnupg
check available algorithms
--------------------------
.. code:: shell
gpg --version
avoid default use of SHA256
---------------------------
* gpg.conf
::
keyid-format long
keyserver-options include-revoked
list-options show-uid-validity
no-verbose
verify-options show-uid-validity
with-fingerprint
with-keygrip
with-subkey-fingerprint
no-comments
no-emit-version
default-preference-list SHA512 AES256 BZIP2
cert-digest-algo SHA512
cipher-algo AES256
compress-algo BZIP2
digest-algo SHA512
personal-cipher-preferences AES256
personal-digest-preferences SHA512
personal-compress-preferences BZIP2
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712
avoid DL/UL issues, depending on DNS
------------------------------------
* dirmngr.conf
::
keyserver hkps://keys.openpgp.org
standard-resolver
authenticate
------------
* gpg-agent.conf
::
enable-ssh-support
* sshcontrol
KeyGrip to use if there are several
::
KKEEYYGGRRIIPP
* export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)