[distorted-keys] / profile.d / 01gnupg

;;; -*-conf-*-
;;;
;;; Default configuration for GnuPG keys
;;;
;;; (c) 2012 Mark Wooding
;;;

;;;----- Licensing notice ---------------------------------------------------
;;;
;;; This file is part of the distorted.org.uk key management suite.
;;;
;;; distorted-keys is free software; you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 2 of the License, or
;;; (at your option) any later version.
;;;
;;; distorted-keys is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with distorted-keys; if not, write to the Free Software Foundation,
;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

;;;--------------------------------------------------------------------------
;;; GnuPG configuration.
;;;
;;; Properties defined by the key-type are as follows.  All of them are
;;; optional.
;;;
;;; main-type		Type of the main key.  This must be an asymmetric
;;;			integrity key type, e.g., `RSA', `DSA'.  The default
;;;			is `RSA'.
;;;
;;; main-length		The size of the main key, in bits.  For DSA, this is
;;;			the larger field size.  The default is 3072; you
;;;			should set it explicitly if you override the main
;;;			type.
;;;
;;; sub-type		Type of the encryption subkey.  This must be an
;;;			asymmetric secrecy key type, e.g., `RSA', `ELG-E'.
;;;			The default is `ELG-E'.
;;;
;;; sub-length		The size of the subkey, as for `main-length'.  The
;;;			default is 3072.
;;;
;;; cipher-prefs	A space-separated list of symmetric encryption
;;;			algorithms, in order of decreasing preference.  The
;;;			default list is `AES256 AES TWOFISH 3DES BLOWFISH
;;;			CAST5', but this may well change later.
;;;
;;; digest-prefs	A space-separated list of message-digest (hash)
;;;			algorithms, in order of decreasing preference.  The
;;;			default list is `SHA256 SHA1 RIPEMD160', but this may
;;;			well change later.
;;;
;;; compress-prefs	A space-separated list of compression algorithms, in
;;;			order of decreasing preference.  The default list is
;;;			`ZLIB ZIP'.
;;;
;;; s2k-cipher		The symmetric encryption scheme to use for encrypting
;;;			private keys.  The default is the first algorithm
;;;			listed in `cipher-prefs'.
;;;
;;; s2k-digest		The message-digest (hash) algorithm to use for
;;;			deriving symmetric keys from passphrases.  The
;;;			default is the first algorithm listed in
;;;			`digest-prefs'.
;;;
;;; realname		These are used to construct the GnuPG key name as
;;; comment		`$realname ($comment) <$email>'.  If `comment' is
;;; email		missing or `nil' then the comment field and its
;;;			surrounding parentheses are omitted.  A %{PARAM}
;;;			placeholder in these properties is replaced by the
;;;			values of the named key-generation parameter PARAM,
;;;			and an error is reported if no such parameter is
;;;			provided; a %{PARAM-DEFAULT} placeholder is replaced
;;;			by the value of the parameter PARAM, or the string
;;;			DEFAULT if no such parameter is provided.

[%gnupg]
type = gnupg

;; Main (integrity) key.
main-type = RSA
main-length = 3072

;; Subsidiary (secrecy) key.
sub-type = ELG-E
sub-length = 3072

;; Preferences for algorithms and compression.
cipher-prefs = AES256 AES TWOFISH 3DES BLOWFISH CAST5
digest-prefs = SHA256 SHA1 RIPEMD160
compress-prefs = ZLIB ZIP

;; Identification (delegate to options).
realname = %{realname}
comment = %{comment-nil}
email = %{email}

[gnupg-integrity]
@include = %gnupg %asymmetric-integrity

[gnupg-secrecy]
@include = %gnupg %asymmetric-secrecy

[%gnupg-infra]
@include = %gnupg
realname = $@name $%description
email = %$%email-prefix$%tag@$%domain

;;;----- That's all, folks --------------------------------------------------
Commit	Line	Data
c0979a8f MW	1	;;; --conf--
	2	;;;
	3	;;; Default configuration for GnuPG keys
	4	;;;
	5	;;; (c) 2012 Mark Wooding
	6	;;;
	7
	8	;;;----- Licensing notice ---------------------------------------------------
	9	;;;
	10	;;; This file is part of the distorted.org.uk key management suite.
	11	;;;
	12	;;; distorted-keys is free software; you can redistribute it and/or modify
	13	;;; it under the terms of the GNU General Public License as published by
	14	;;; the Free Software Foundation; either version 2 of the License, or
	15	;;; (at your option) any later version.
	16	;;;
	17	;;; distorted-keys is distributed in the hope that it will be useful,
	18	;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	;;; GNU General Public License for more details.
	21	;;;
	22	;;; You should have received a copy of the GNU General Public License
	23	;;; along with distorted-keys; if not, write to the Free Software Foundation,
	24	;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	25
	26	;;;--------------------------------------------------------------------------
	27	;;; GnuPG configuration.
	28	;;;
	29	;;; Properties defined by the key-type are as follows. All of them are
	30	;;; optional.
	31	;;;
	32	;;; main-type Type of the main key. This must be an asymmetric
	33	;;; integrity key type, e.g., `RSA', `DSA'. The default
	34	;;; is `RSA'.
	35	;;;
	36	;;; main-length The size of the main key, in bits. For DSA, this is
	37	;;; the larger field size. The default is 3072; you
	38	;;; should set it explicitly if you override the main
	39	;;; type.
	40	;;;
	41	;;; sub-type Type of the encryption subkey. This must be an
	42	;;; asymmetric secrecy key type, e.g., `RSA', `ELG-E'.
	43	;;; The default is `ELG-E'.
	44	;;;
	45	;;; sub-length The size of the subkey, as for `main-length'. The
	46	;;; default is 3072.
	47	;;;
	48	;;; cipher-prefs A space-separated list of symmetric encryption
	49	;;; algorithms, in order of decreasing preference. The
	50	;;; default list is `AES256 AES TWOFISH 3DES BLOWFISH
	51	;;; CAST5', but this may well change later.
	52	;;;
	53	;;; digest-prefs A space-separated list of message-digest (hash)
	54	;;; algorithms, in order of decreasing preference. The
	55	;;; default list is `SHA256 SHA1 RIPEMD160', but this may
	56	;;; well change later.
	57	;;;
	58	;;; compress-prefs A space-separated list of compression algorithms, in
	59	;;; order of decreasing preference. The default list is
	60	;;; `ZLIB ZIP'.
	61	;;;
	62	;;; s2k-cipher The symmetric encryption scheme to use for encrypting
	63	;;; private keys. The default is the first algorithm
	64	;;; listed in `cipher-prefs'.
65	;;;
66	;;; s2k-digest The message-digest (hash) algorithm to use for
67	;;; deriving symmetric keys from passphrases. The
68	;;; default is the first algorithm listed in
69	;;; `digest-prefs'.
70	;;;
71	;;; realname These are used to construct the GnuPG key name as
72	;;; comment `$realname ($comment) <$email>'. If `comment' is
73	;;; email missing or `nil' then the comment field and its
74	;;; surrounding parentheses are omitted. A %{PARAM}
75	;;; placeholder in these properties is replaced by the
76	;;; values of the named key-generation parameter PARAM,
77	;;; and an error is reported if no such parameter is
78	;;; provided; a %{PARAM-DEFAULT} placeholder is replaced
79	;;; by the value of the parameter PARAM, or the string
80	;;; DEFAULT if no such parameter is provided.
81
82	[%gnupg]
83	type = gnupg
84
85	;; Main (integrity) key.
86	main-type = RSA
87	main-length = 3072
88
89	;; Subsidiary (secrecy) key.
90	sub-type = ELG-E
91	sub-length = 3072
92
93	;; Preferences for algorithms and compression.
94	cipher-prefs = AES256 AES TWOFISH 3DES BLOWFISH CAST5
95	digest-prefs = SHA256 SHA1 RIPEMD160
96	compress-prefs = ZLIB ZIP
97
98	;; Identification (delegate to options).
99	realname = %{realname}
100	comment = %{comment-nil}
101	email = %{email}
102
60091686 MW	103	[gnupg-integrity]
	104	@include = %gnupg %asymmetric-integrity
	105
	106	[gnupg-secrecy]
	107	@include = %gnupg %asymmetric-secrecy
c0979a8f MW	108
	109	[%gnupg-infra]
	110	@include = %gnupg
	111	realname = $@name $%description
	112	email = %$%email-prefix$%tag@$%domain
	113
	114	;;;----- That's all, folks --------------------------------------------------