46 lines
1.1 KiB
Django/Jinja
46 lines
1.1 KiB
Django/Jinja
# no spam
|
|
no-greeting
|
|
|
|
# minimize information leakage
|
|
no-comments
|
|
no-emit-version
|
|
export-options export-minimal
|
|
|
|
# show as much key info as possible
|
|
keyid-format 0xlong
|
|
with-fingerprint
|
|
|
|
# show validity of the keys
|
|
verify-options show-uid-validity
|
|
list-options show-uid-validity
|
|
|
|
# cipher settings
|
|
personal-cipher-preferences AES256 AES192 AES
|
|
personal-digest-preferences SHA512 SHA384 SHA256
|
|
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
|
|
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
|
|
|
|
cert-digest-algo SHA512
|
|
|
|
# key derivation algo
|
|
s2k-cipher-algo AES256
|
|
s2k-digest-algo SHA512
|
|
s2k-mode 3
|
|
s2k-count 65011712
|
|
|
|
use-agent
|
|
display-charset utf-8
|
|
fixed-list-mode
|
|
no-mangle-dos-filenames
|
|
require-cross-certification
|
|
|
|
{% if not (distro == 'ubuntu' and ansible_distribution_version == '18.04') -%}
|
|
{# looks like the gpg version in that ubuntu release it too old and does not
|
|
{# contain the setting #}
|
|
# do not cache keys for symmetric encryption
|
|
no-symkey-cache
|
|
|
|
{% endif -%}
|
|
|
|
keyserver-options no-honor-keyserver-url no-auto-key-retrieve include-revoked
|