Commit | Line | Data |
---|---|---|
c0979a8f MW |
1 | ;;; -*-conf-*- |
2 | ;;; | |
3 | ;;; Default configuration for GnuPG keys | |
4 | ;;; | |
5 | ;;; (c) 2012 Mark Wooding | |
6 | ;;; | |
7 | ||
8 | ;;;----- Licensing notice --------------------------------------------------- | |
9 | ;;; | |
10 | ;;; This file is part of the distorted.org.uk key management suite. | |
11 | ;;; | |
12 | ;;; distorted-keys is free software; you can redistribute it and/or modify | |
13 | ;;; it under the terms of the GNU General Public License as published by | |
14 | ;;; the Free Software Foundation; either version 2 of the License, or | |
15 | ;;; (at your option) any later version. | |
16 | ;;; | |
17 | ;;; distorted-keys is distributed in the hope that it will be useful, | |
18 | ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | ;;; GNU General Public License for more details. | |
21 | ;;; | |
22 | ;;; You should have received a copy of the GNU General Public License | |
23 | ;;; along with distorted-keys; if not, write to the Free Software Foundation, | |
24 | ;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
25 | ||
26 | ;;;-------------------------------------------------------------------------- | |
27 | ;;; GnuPG configuration. | |
28 | ;;; | |
29 | ;;; Properties defined by the key-type are as follows. All of them are | |
30 | ;;; optional. | |
31 | ;;; | |
32 | ;;; main-type Type of the main key. This must be an asymmetric | |
33 | ;;; integrity key type, e.g., `RSA', `DSA'. The default | |
34 | ;;; is `RSA'. | |
35 | ;;; | |
36 | ;;; main-length The size of the main key, in bits. For DSA, this is | |
37 | ;;; the larger field size. The default is 3072; you | |
38 | ;;; should set it explicitly if you override the main | |
39 | ;;; type. | |
40 | ;;; | |
41 | ;;; sub-type Type of the encryption subkey. This must be an | |
42 | ;;; asymmetric secrecy key type, e.g., `RSA', `ELG-E'. | |
43 | ;;; The default is `ELG-E'. | |
44 | ;;; | |
45 | ;;; sub-length The size of the subkey, as for `main-length'. The | |
46 | ;;; default is 3072. | |
47 | ;;; | |
48 | ;;; cipher-prefs A space-separated list of symmetric encryption | |
49 | ;;; algorithms, in order of decreasing preference. The | |
50 | ;;; default list is `AES256 AES TWOFISH 3DES BLOWFISH | |
51 | ;;; CAST5', but this may well change later. | |
52 | ;;; | |
53 | ;;; digest-prefs A space-separated list of message-digest (hash) | |
54 | ;;; algorithms, in order of decreasing preference. The | |
55 | ;;; default list is `SHA256 SHA1 RIPEMD160', but this may | |
56 | ;;; well change later. | |
57 | ;;; | |
58 | ;;; compress-prefs A space-separated list of compression algorithms, in | |
59 | ;;; order of decreasing preference. The default list is | |
60 | ;;; `ZLIB ZIP'. | |
61 | ;;; | |
62 | ;;; s2k-cipher The symmetric encryption scheme to use for encrypting | |
63 | ;;; private keys. The default is the first algorithm | |
64 | ;;; listed in `cipher-prefs'. | |
65 | ;;; | |
66 | ;;; s2k-digest The message-digest (hash) algorithm to use for | |
67 | ;;; deriving symmetric keys from passphrases. The | |
68 | ;;; default is the first algorithm listed in | |
69 | ;;; `digest-prefs'. | |
70 | ;;; | |
71 | ;;; realname, comment, email These are used to construct the GnuPG key | |
72 | ;;; name as `$realname ($comment) <$email>'. If `comment' is | |
73 | ;;; missing or `nil' then the comment field and its | |
74 | ;;; surrounding parentheses are omitted. A %{PARAM} | |
75 | ;;; placeholder in these properties is replaced by the | |
76 | ;;; value of the named key-generation parameter PARAM, | |
77 | ;;; and an error is reported if no such parameter is | |
78 | ;;; provided; a %{PARAM-DEFAULT} placeholder is replaced | |
79 | ;;; by the value of the parameter PARAM, or the string | |
80 | ;;; DEFAULT if no such parameter is provided. | |
81 | ||
82 | [%gnupg] | |
83 | type = gnupg | |
84 | ||
85 | ;; Main (integrity) key. | |
86 | main-type = RSA | |
87 | main-length = 3072 | |
88 | ||
89 | ;; Subsidiary (secrecy) key. | |
90 | sub-type = ELG-E | |
91 | sub-length = 3072 | |
92 | ||
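93 | ;; Preferences for algorithms and compression, most preferred first. SHA1 and the 64-bit-block ciphers (3DES, BLOWFISH, CAST5) are weaker legacy algorithms: keep them after the stronger entries, because the first cipher and digest listed also become the `s2k-cipher' and `s2k-digest' defaults used to protect private keys. | |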
94 | cipher-prefs = AES256 AES TWOFISH 3DES BLOWFISH CAST5 | |
95 | digest-prefs = SHA256 SHA1 RIPEMD160 | |
96 | compress-prefs = ZLIB ZIP | |
97 | ||
98 | ;; Identification (delegate to options). | |
99 | realname = %{realname} | |
100 | comment = %{comment-nil} | |
101 | email = %{email} | |
102 | ||
60091686 MW |
103 | [gnupg-integrity] |
104 | @include = %gnupg %asymmetric-integrity | |
105 | ||
106 | [gnupg-secrecy] | |
107 | @include = %gnupg %asymmetric-secrecy | |
c0979a8f MW |
108 | |
109 | [%gnupg-infra] | |
110 | @include = %gnupg | |
111 | realname = $@name $%description | |
112 | email = %$%email-prefix$%tag@$%domain | |
113 | ||
114 | ;;;----- That's all, folks -------------------------------------------------- |