jonny/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move gpg config into dotfiles repo

Browse source
This commit is contained in:
Jonny Barnes 2024-04-29 18:22:54 +01:00
parent 2cad87d43c
commit 545d574334
Signed by: jonny
SSH key fingerprint: SHA256:CTuSlns5U7qlD9jqHvtnVmfYV3Zwl2Z7WnJ4/dqOaL8
4 changed files with 58 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
bootstrap.sh
View file

@ -21,6 +21,16 @@ test -L $HOME/.sheldon/plugins.toml || ln -f -s $BASEDIR/sheldon.toml $HOME/.she
test -L $HOME/.zsh || ln -f -s $BASEDIR/zsh $HOME/.zsh test -L $HOME/.zsh || ln -f -s $BASEDIR/zsh $HOME/.zsh
test -L $HOME/.zshrc || ln -f -s $BASEDIR/zshrc.zsh $HOME/.zshrc test -L $HOME/.zshrc || ln -f -s $BASEDIR/zshrc.zsh $HOME/.zshrc
# setup gpg conf
test -d $HOME/.gnupg || mkdir $HOME/.gnupg
cp -f $BASEDIR/gnupg/common.conf $HOME/.gnupg/common.conf
cp -f $BASEDIR/gnupg/dirmngr.conf $HOME/.gnupg/dirmngr.conf
cp -f $BASEDIR/gnupg/gpg.conf $HOME/.gnupg/gpg.conf
chmod 700 $HOME/.gnupg
chmod 640 $HOME/.gnupg/common.conf
chmod 640 $HOME/.gnupg/dirmngr.conf
chmod 640 $HOME/.gnupg/gpg.conf
# ln vim files # ln vim files
echo "Setting up vim" echo "Setting up vim"
test -d $HOME/.vim && rm -rf $HOME/.vim test -d $HOME/.vim && rm -rf $HOME/.vim

1
gnupg/common.conf Normal file
View file

@ -0,0 +1 @@
use-keyboxd

2
gnupg/dirmngr.conf Normal file
View file

@ -0,0 +1,2 @@
# Use modern keyserver
keyserver hkps://keys.openpgp.org

45
gnupg/gpg.conf Normal file
View file

@ -0,0 +1,45 @@
# Don't hide options from the user
expert
# Use UTF-8
utf8-strings
# Ensure all keys are loaded from the designated keyserver
# When creating a key, individuals may designate a specific keyserver to use to
# pull their keys from, we shall ignore this
keyserver-options no-honor-keyserver-url
# Auto-retrieve keys
# GnuPG can automatically locate and retrieve keys as needed using this option.
# This happens when encrypting to an email address (in the "user@@example.com"
# form) and there are no keys matching "user@example.com" in the local keyring.
# This option takes any number mechanisms which are tried in the given order.
# The default is "--auto-key-locate local" to search for keys only in the local
# key database. Uncomment the next line to locate a missing key using two DNS
# based mechanisms.
auto-key-locate local,pka,dane
# Get the best of the WoT and ToFU:
trust-model tofu+pgp
tofu-default-policy unknown
# Display long key IDs
keyid-format 0xlong
# Display the calculated validity of user IDs during key listings
list-options show-uid-validity
verify-options show-uid-validity
# Disable comment string in clear text signatures and ASCII armored messages
no-comments
# Define preferences
# This is based on the article at bettercrypto.org/#pretty_good_privacy
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list AES256 CAMELLIA256 AES192 CAMELLIA192 AES CAMELLIA128 TWOFISH SHA512 SHA384 SHA256 BZIP2 ZLIB ZIP
# Disable weak digests
# May be overriden with --allow-weak-digest-algos
weak-digest MD5
weak-digest SHA1