diff --git a/bootstrap.sh b/bootstrap.sh index 5b7329e..f1fe2e1 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -21,6 +21,16 @@ test -L $HOME/.sheldon/plugins.toml || ln -f -s $BASEDIR/sheldon.toml $HOME/.she test -L $HOME/.zsh || ln -f -s $BASEDIR/zsh $HOME/.zsh test -L $HOME/.zshrc || ln -f -s $BASEDIR/zshrc.zsh $HOME/.zshrc +# setup gpg conf +test -d $HOME/.gnupg || mkdir $HOME/.gnupg +cp -f $BASEDIR/gnupg/common.conf $HOME/.gnupg/common.conf +cp -f $BASEDIR/gnupg/dirmngr.conf $HOME/.gnupg/dirmngr.conf +cp -f $BASEDIR/gnupg/gpg.conf $HOME/.gnupg/gpg.conf +chmod 700 $HOME/.gnupg +chmod 640 $HOME/.gnupg/common.conf +chmod 640 $HOME/.gnupg/dirmngr.conf +chmod 640 $HOME/.gnupg/gpg.conf + # ln vim files echo "Setting up vim" test -d $HOME/.vim && rm -rf $HOME/.vim diff --git a/gnupg/common.conf b/gnupg/common.conf new file mode 100644 index 0000000..0ccf55c --- /dev/null +++ b/gnupg/common.conf @@ -0,0 +1 @@ +use-keyboxd \ No newline at end of file diff --git a/gnupg/dirmngr.conf b/gnupg/dirmngr.conf new file mode 100644 index 0000000..72fd803 --- /dev/null +++ b/gnupg/dirmngr.conf @@ -0,0 +1,2 @@ +# Use modern keyserver +keyserver hkps://keys.openpgp.org \ No newline at end of file diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf new file mode 100644 index 0000000..17118cf --- /dev/null +++ b/gnupg/gpg.conf 
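Review bot: `mkdir $HOME/.gnupg` creates the directory with the process umask and only narrows it with `chmod 700` after the three `cp` calls have already written into it; `test -d $HOME/.gnupg || mkdir -m 700 $HOME/.gnupg` closes that window, and the files could be `chmod 600` rather than 640, since nothing but the owner can traverse a 0700 directory anyway (gpg's own permission check, as far as I recall, only complains about group/other write bits, so 640 is not what would trigger its warning). The three `cp -f` lines also overwrite whatever `gpg.conf`, `dirmngr.conf` and `common.conf` already exist, unlike the `test -L … ||` guards used for every other dotfile above, so a user's local edits are silently lost on each re-run — worth either a guard or a comment stating that the overwrite is intentional. Like the rest of the script, `$HOME` and `$BASEDIR` are left unquoted.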
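Review bot: `use-keyboxd` moves public-key storage from `pubring.kbx` to the keyboxd database, and as far as I recall existing keys are not migrated automatically, so once bootstrap.sh copies this file into a `~/.gnupg` that already holds keys, `gpg --list-keys` comes up empty until they are re-imported (the migration is described in the GnuPG manual). The option is, to my knowledge, only honoured by the 2.3/2.4 series; older releases ignore `common.conf` entirely, which is harmless but silent. A comment such as `# Requires GnuPG >= 2.4; keys already in pubring.kbx must be imported into keyboxd` would record both expectations in the file.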
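Review bot: keys.openpgp.org only serves user IDs whose e-mail address the owner has verified, so `--recv-keys` for an unverified key returns a key with no user ID, which GnuPG releases before 2.2.17 refuse to import; the server also supports lookup by fingerprint or exact e-mail only, so `--search-keys` by name returns nothing. Since `keyserver-options no-honor-keyserver-url` in gpg.conf forces every fetch through this server, that is worth recording next to the line, e.g. `# keys.openpgp.org: lookup by fingerprint/e-mail only; unverified UIDs are stripped (needs gpg >= 2.2.17)`.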
@@ -0,0 +1,45 @@
+# Don't hide options from the user
+expert
+
+# Use UTF-8
+utf8-strings
+
+# Ensure all keys are loaded from the designated keyserver
+# When creating a key, individuals may designate a specific keyserver to use to
+# pull their keys from, we shall ignore this
+keyserver-options no-honor-keyserver-url
+
+# Auto-retrieve keys
+# GnuPG can automatically locate and retrieve keys as needed using this option.
+# This happens when encrypting to an email address (in the "user@@example.com"
+# form) and there are no keys matching "user@example.com" in the local keyring.
+# This option takes any number mechanisms which are tried in the given order.
+# The default is "--auto-key-locate local" to search for keys only in the local
+# key database. Uncomment the next line to locate a missing key using two DNS
+# based mechanisms.
+auto-key-locate local,pka,dane
+
+# Get the best of the WoT and ToFU:
+trust-model tofu+pgp
+tofu-default-policy unknown
+
+# Display long key IDs
+keyid-format 0xlong
+
+# Display the calculated validity of user IDs during key listings
+list-options show-uid-validity
+verify-options show-uid-validity
+
+# Disable comment string in clear text signatures and ASCII armored messages
+no-comments
+
+# Define preferences
+# This is based on the article at bettercrypto.org/#pretty_good_privacy
+personal-digest-preferences SHA512
+cert-digest-algo SHA512
+default-preference-list AES256 CAMELLIA256 AES192 CAMELLIA192 AES CAMELLIA128 TWOFISH SHA512 SHA384 SHA256 BZIP2 ZLIB ZIP
+
+# Disable weak digests
+# May be overriden with --allow-weak-digest-algos
+weak-digest MD5
+weak-digest SHA1
\ No newline at end of file
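Review bot: The comment block above `auto-key-locate local,pka,dane` still says "Uncomment the next line" although the line is active, and what it enables is a DNS query for the recipient's address whenever a key is missing locally — which discloses who you are writing to to the resolver, a caveat the comment should state instead of the opt-in wording copied from the manual, e.g. `# NOTE: dane queries DNS for the recipient address on every local miss`. PKA was dropped from GnuPG in the 2.3 series as far as I recall (the `use-keyboxd` in common.conf implies a 2.4-era install), so `pka` is at best ignored; `auto-key-locate local,wkd,dane` is the combination that still works, WKD being the mechanism providers actually publish. Separately, `weak-digest SHA1` as far as I can tell also rejects SHA-1 self-signatures and third-party certifications on older keys, so some keys will list as unusable or lose web-of-trust validity under `trust-model tofu+pgp` — expected, but worth a one-line comment. `overriden` in the last comment should read `overridden`.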