Move gpg config into dotfiles repo

2024-04-29 18:22:54 +01:00 · 2024-04-29 18:22:54 +01:00 · 545d574334
commit 545d574334
parent 2cad87d43c
4 changed files with 58 additions and 0 deletions
--- a/bootstrap.sh
+++ b/bootstrap.sh
@ -21,6 +21,16 @@ test -L $HOME/.sheldon/plugins.toml || ln -f -s $BASEDIR/sheldon.toml $HOME/.she
 test -L $HOME/.zsh || ln -f -s $BASEDIR/zsh $HOME/.zsh
 test -L $HOME/.zshrc || ln -f -s $BASEDIR/zshrc.zsh $HOME/.zshrc

+# setup gpg conf
+test -d $HOME/.gnupg || mkdir $HOME/.gnupg
+cp -f $BASEDIR/gnupg/common.conf $HOME/.gnupg/common.conf
+cp -f $BASEDIR/gnupg/dirmngr.conf $HOME/.gnupg/dirmngr.conf
+cp -f $BASEDIR/gnupg/gpg.conf $HOME/.gnupg/gpg.conf
+chmod 700 $HOME/.gnupg
+chmod 640 $HOME/.gnupg/common.conf
+chmod 640 $HOME/.gnupg/dirmngr.conf
+chmod 640 $HOME/.gnupg/gpg.conf
+
 # ln vim files
 echo "Setting up vim"
 test -d $HOME/.vim && rm -rf $HOME/.vim
--- a/gnupg/common.conf
+++ b/gnupg/common.conf
@ -0,0 +1 @@
+use-keyboxd
--- a/gnupg/dirmngr.conf
+++ b/gnupg/dirmngr.conf
@ -0,0 +1,2 @@
+# Use modern keyserver
+keyserver hkps://keys.openpgp.org
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf
@ -0,0 +1,45 @@
+# Don't hide options from the user
+expert
+
+# Use UTF-8
+utf8-strings
+
+# Ensure all keys are loaded from the designated keyserver
+# When creating a key, individuals may designate a specific keyserver to use to
+# pull their keys from, we shall ignore this
+keyserver-options no-honor-keyserver-url
+
+# Auto-retrieve keys
+# GnuPG can automatically locate and retrieve keys as needed using this option.
+# This happens when encrypting to an email address (in the "user@@example.com"
+# form) and there are no keys matching "user@example.com" in the local keyring.
+# This option takes any number mechanisms which are tried in the given order.
+# The default is "--auto-key-locate local" to search for keys only in the local
+# key database. Uncomment the next line to locate a missing key using two DNS
+# based mechanisms.
+auto-key-locate local,pka,dane
+
+# Get the best of the WoT and ToFU:
+trust-model tofu+pgp
+tofu-default-policy unknown
+
+# Display long key IDs
+keyid-format 0xlong
+
+# Display the calculated validity of user IDs during key listings
+list-options show-uid-validity
+verify-options show-uid-validity
+
+# Disable comment string in clear text signatures and ASCII armored messages
+no-comments
+
+# Define preferences
+# This is based on the article at bettercrypto.org/#pretty_good_privacy
+personal-digest-preferences SHA512
+cert-digest-algo SHA512
+default-preference-list AES256 CAMELLIA256 AES192 CAMELLIA192 AES CAMELLIA128 TWOFISH SHA512 SHA384 SHA256 BZIP2 ZLIB ZIP
+
+# Disable weak digests
+# May be overriden with --allow-weak-digest-algos
+weak-digest MD5
+weak-digest SHA1