diff --git a/configs/gnupg/gpg.conf b/configs/gnupg/gpg.conf index a8558ce..0c13e1c 100644 --- a/configs/gnupg/gpg.conf +++ b/configs/gnupg/gpg.conf @@ -1,6 +1,7 @@ # # This is an implementation of the Riseup OpenPGP Best Practices # https://help.riseup.net/en/security/message-security/openpgp/best-practices +# Modified by HacKan # @@ -11,7 +12,7 @@ # The default key to sign with. If this option is not used, the default key is # the first key found in the secret keyring -#default-key 0xD8692123C4065DEA5E0F3AB5249B39D24F25E3B6 +#default-key #----------------------------- @@ -39,6 +40,9 @@ verify-options show-uid-validity use-agent +# Create anonymous messages +#throw-keyid + #----------------------------- # keyserver #----------------------------- @@ -72,15 +76,31 @@ keyserver-options include-revoked # list of personal digest preferences. When multiple digests are supported by # all recipients, choose the strongest one -personal-cipher-preferences AES256 AES192 AES CAST5 +personal-cipher-preferences AES256 TWOFISH # list of personal digest preferences. When multiple ciphers are supported by # all recipients, choose the strongest one -personal-digest-preferences SHA512 SHA384 SHA256 SHA224 +personal-digest-preferences SHA512 SHA384 # message digest algorithm used when signing a key cert-digest-algo SHA512 # This preference list is used for new keys and becomes the default for # "setpref" in the edit menu -default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed +default-preference-list SHA512 SHA384 SHA256 SHA224 RIPEMD160 AES256 TWOFISH BLOWFISH CAMELLIA256 CAST5 ZLIB BZIP2 ZIP Uncompressed + +# To protect secret keys +s2k-cipher-algo TWOFISH +s2k-digest-algo SHA512 +s2k-mode 3 + +# Use the following when encrypting/signing in (a)symmetric mode +cipher-algo AES256 +digest-algo SHA512 +compress-algo 2 + +# Disable insecure algos +disable-cipher-algo 3DES IDEA + +# Force the use of encryption with a modification detection code. +force-mdc