diff --git a/home/.chezmoiexternal.toml.tmpl b/home/.chezmoiexternal.toml.tmpl index b82924c0..e1eea114 100644 --- a/home/.chezmoiexternal.toml.tmpl +++ b/home/.chezmoiexternal.toml.tmpl @@ -308,11 +308,6 @@ type = "file" url = "https://curl.se/ca/cacert.pem" -### GPG -[".gnupg/gpg.conf"] - type = "file" - url = "https://raw.githubusercontent.com/drduh/config/master/gpg.conf" - ### Vagrant [".ssh/authorized_keys.vagrant"] type = "file" diff --git a/home/private_dot_gnupg/private_gpg.conf b/home/private_dot_gnupg/private_gpg.conf new file mode 100644 index 00000000..9f53756b --- /dev/null +++ b/home/private_dot_gnupg/private_gpg.conf @@ -0,0 +1,62 @@ +# Source: https://github.com/drduh/config/blob/master/gpg.conf +# https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html +# https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html +# 'gpg --version' to get capabilities +# Use AES256, 192, or 128 as cipher +personal-cipher-preferences AES256 AES192 AES +# Use SHA512, 384, or 256 as digest +personal-digest-preferences SHA512 SHA384 SHA256 +# Use ZLIB, BZIP2, ZIP, or no compression +personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed +# Default preferences for new keys +default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed +# SHA512 as digest to sign keys +cert-digest-algo SHA512 +# SHA512 as digest for symmetric ops +s2k-digest-algo SHA512 +# AES256 as cipher for symmetric ops +s2k-cipher-algo AES256 +# UTF-8 support for compatibility +charset utf-8 +# Show Unix timestamps +fixed-list-mode +# No comments in signature +no-comments +# No version in output +no-emit-version +# Disable banner +no-greeting +# Long hexidecimal key format +keyid-format 0xlong +# Display UID validity +list-options show-uid-validity +verify-options show-uid-validity +# Display all keys and their fingerprints +with-fingerprint +# Display key origins and updates +#with-key-origin +# Cross-certify subkeys are present and valid +require-cross-certification +# Disable caching of passphrase for symmetrical ops +no-symkey-cache +# Enable smartcard +use-agent +# Disable recipient key ID in messages +throw-keyids +# Default/trusted key ID to use (helpful with throw-keyids) +#default-key 0xFF3E7D88647EBCDB +#trusted-key 0xFF3E7D88647EBCDB +# Group recipient keys (preferred ID last) +#group keygroup = 0xFF00000000000001 0xFF00000000000002 0xFF3E7D88647EBCDB +# Keyserver URL +#keyserver hkps://keys.openpgp.org +#keyserver hkps://keyserver.ubuntu.com:443 +#keyserver hkps://hkps.pool.sks-keyservers.net +#keyserver hkps://pgp.ocf.berkeley.edu +# Proxy to use for keyservers +#keyserver-options http-proxy=http://127.0.0.1:8118 +#keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050 +# Verbose output +#verbose +# Show expired subkeys +#list-options show-unusable-subkeys diff --git a/home/private_dot_gnupg/public/0xF0A300E4199A1C33.asc b/home/private_dot_gnupg/private_public/private_0xF0A300E4199A1C33.asc similarity index 100% rename from home/private_dot_gnupg/public/0xF0A300E4199A1C33.asc rename to home/private_dot_gnupg/private_public/private_0xF0A300E4199A1C33.asc diff --git a/home/private_dot_gnupg/public/apt.hashicorp.asc b/home/private_dot_gnupg/private_public/private_apt.hashicorp.asc similarity index 100% rename from home/private_dot_gnupg/public/apt.hashicorp.asc rename to home/private_dot_gnupg/private_public/private_apt.hashicorp.asc diff --git a/home/private_dot_gnupg/public/linux.wazuh.asc b/home/private_dot_gnupg/private_public/private_linux.wazuh.asc similarity index 100% rename from home/private_dot_gnupg/public/linux.wazuh.asc rename to home/private_dot_gnupg/private_public/private_linux.wazuh.asc diff --git a/home/private_dot_gnupg/public/qubes.uman.asc b/home/private_dot_gnupg/private_public/private_qubes.uman.asc similarity index 100% rename from home/private_dot_gnupg/public/qubes.uman.asc rename to home/private_dot_gnupg/private_public/private_qubes.uman.asc