aboutsummaryrefslogtreecommitdiff
path: root/gnupg
diff options
context:
space:
mode:
authorTom Ryder <tom@sanctum.geek.nz>2013-10-30 11:32:46 +1300
committerTom Ryder <tom@sanctum.geek.nz>2013-10-30 11:32:46 +1300
commit82215f63d8b2df1d4d08fcb04274b42278bb3223 (patch)
treef0e28f3ca9b7637e7d7fb0e12f8b603e3d5208b7 /gnupg
parentDon't need to specify key ID, only using one now (diff)
downloaddotfiles-82215f63d8b2df1d4d08fcb04274b42278bb3223.tar.gz
dotfiles-82215f63d8b2df1d4d08fcb04274b42278bb3223.zip
Retrieve keys over hkps:// per RiseUp guide
<https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#consider-making-your-default-keyserver-use-a-keyse> The keyserver pool CA needs to be installed for this to work. On Debian: # curl https://sks-keyservers.net/sks-keyservers.netCA.pem \ > /usr/local/share/ca-certificates/sks-keyservers.netCA.crt # update-ca-certificates
Diffstat (limited to 'gnupg')
-rw-r--r--gnupg/gpg.conf4
1 files changed, 2 insertions, 2 deletions
diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
index 324a0f20..2173f954 100644
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf
@@ -4,8 +4,8 @@ default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB
default-recipient-self
fixed-list-mode
keyid-format 0xlong
-keyserver pgp.net.nz
-keyserver-options auto-key-retrieve
+keyserver hkps://hkps.pool.sks-keyservers.net
+keyserver-options auto-key-retrieve check-cert no-honor-keyserver-url
list-options show-uid-validity
no-greeting
personal-digest-preferences SHA512