;;; -*-conf-*- ;;; ;;; Default configuration for GnuPG keys ;;; ;;; (c) 2012 Mark Wooding ;;; ;;;----- Licensing notice --------------------------------------------------- ;;; ;;; This file is part of the distorted.org.uk key management suite. ;;; ;;; distorted-keys is free software; you can redistribute it and/or modify ;;; it under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 2 of the License, or ;;; (at your option) any later version. ;;; ;;; distorted-keys is distributed in the hope that it will be useful, ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with distorted-keys; if not, write to the Free Software Foundation, ;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ;;;-------------------------------------------------------------------------- ;;; GnuPG configuration. ;;; ;;; Properties defined by the key-type are as follows. All of them are ;;; optional. ;;; ;;; main-type Type of the main key. This must be an asymmetric ;;; integrity key type, e.g., `RSA', `DSA'. The default ;;; is `RSA'. ;;; ;;; main-length The size of the main key, in bits. For DSA, this is ;;; the larger field size. The default is 3072; you ;;; should set it explicitly if you override the main ;;; type. ;;; ;;; sub-type Type of the encryption subkey. This must be an ;;; asymmetric secrecy key type, e.g., `RSA', `ELG-E'. ;;; The default is `ELG-E'. ;;; ;;; sub-length The size of the subkey, as for `main-length'. The ;;; default is 3072. ;;; ;;; cipher-prefs A space-separated list of symmetric encryption ;;; algorithms, in order of decreasing preference. The ;;; default list is `AES256 AES TWOFISH 3DES BLOWFISH ;;; CAST5', but this may well change later. 
;;;
;;; digest-prefs        A space-separated list of message-digest (hash)
;;;                     algorithms, in order of decreasing preference.  The
;;;                     default list is `SHA256 SHA1 RIPEMD160', but this may
;;;                     well change later.
;;;
;;; compress-prefs      A space-separated list of compression algorithms, in
;;;                     order of decreasing preference.  The default list is
;;;                     `ZLIB ZIP'.
;;;
;;; s2k-cipher          The symmetric encryption scheme to use for encrypting
;;;                     private keys.  The default is the first algorithm
;;;                     listed in `cipher-prefs'.
;;;
;;; s2k-digest          The message-digest (hash) algorithm to use for
;;;                     deriving symmetric keys from passphrases.  The
;;;                     default is the first algorithm listed in
;;;                     `digest-prefs'.
;;;
;;; realname            These are used to construct the GnuPG key name as
;;; comment             `$realname ($comment) <$email>'.  If `comment' is
;;; email               missing or `nil' then the comment field and its
;;;                     surrounding parentheses are omitted.  A %{PARAM}
;;;                     placeholder in these properties is replaced by the
;;;                     value of the named key-generation parameter PARAM,
;;;                     and an error is reported if no such parameter is
;;;                     provided; a %{PARAM-DEFAULT} placeholder is replaced
;;;                     by the value of the parameter PARAM, or the string
;;;                     DEFAULT if no such parameter is provided.

;; Base settings shared by the GnuPG key types below, which pull this
;; section in through `@include'.
[%gnupg]
type = gnupg

;; Main (integrity) key.
main-type = RSA
main-length = 3072

;; Subsidiary (secrecy) key.  `ELG-E' is an asymmetric secrecy key type, as
;; `sub-type' requires.
sub-type = ELG-E
sub-length = 3072

;; Preferences for algorithms and compression.
;;
;; These lists are ordered by decreasing preference, so the order is what
;; matters when reviewing them:
;;
;;   * `s2k-cipher' and `s2k-digest' are not set here, so private keys are
;;     protected with the first entry of each list: AES256 and SHA256.
;;     Reordering either list therefore also changes private-key protection.
;;
;;   * 3DES, BLOWFISH and CAST5 are 64-bit block ciphers and are kept at the
;;     tail.  OpenPGP (RFC 4880) treats 3DES as tacitly present at the end of
;;     every cipher list, so dropping it here would not stop a peer choosing
;;     it.
;;
;;   * SHA1 is ranked above RIPEMD160.  RFC 4880 likewise treats SHA1 as
;;     tacitly present at the end of every digest list; naming it here only
;;     raises its rank.  SHA-1 is no longer collision-resistant, so anyone
;;     overriding `digest-prefs' should keep a SHA-2 digest first.
;;     NOTE(review): consider whether SHA1 still needs to be listed
;;     explicitly, and whether larger SHA-2 digests should precede it.
cipher-prefs = AES256 AES TWOFISH 3DES BLOWFISH CAST5
digest-prefs = SHA256 SHA1 RIPEMD160
compress-prefs = ZLIB ZIP

;; Identification (delegate to options).
;;
;; `realname' and `email' have no default, so key generation reports an error
;; if either parameter is missing.  `comment' falls back to `nil', which
;; omits the comment field and its parentheses from the key name.
realname = %{realname}
comment = %{comment-nil}
email = %{email}

;; Signing keys: the GnuPG base settings plus `%asymmetric-integrity', which
;; is defined outside this file.
[gnupg-integrity]
@include = %gnupg %asymmetric-integrity

;; Encryption keys: the GnuPG base settings plus `%asymmetric-secrecy', which
;; is defined outside this file.
[gnupg-secrecy]
@include = %gnupg %asymmetric-secrecy

;; Variant of the base settings which builds the key name from `$@name',
;; `$%description', `$%email-prefix', `$%tag' and `$%domain' instead of from
;; key-generation parameters.
;; NOTE(review): the `$@' and `$%' substitution syntax is not documented in
;; this file -- confirm its meaning, and the leading `%' in the `email'
;; value, against the suite's documentation.
[%gnupg-infra]
@include = %gnupg
realname = $@name $%description
email = %$%email-prefix$%tag@$%domain

;;;----- That's all, folks --------------------------------------------------