diff options
author | Tom Ryder <tom@sanctum.geek.nz> | 2013-10-30 11:32:46 +1300 |
---|---|---|
committer | Tom Ryder <tom@sanctum.geek.nz> | 2013-10-30 11:32:46 +1300 |
commit | 82215f63d8b2df1d4d08fcb04274b42278bb3223 (patch) | |
tree | f0e28f3ca9b7637e7d7fb0e12f8b603e3d5208b7 /gnupg | |
parent | Don't need to specify key ID, only using one now (diff) | |
download | dotfiles-82215f63d8b2df1d4d08fcb04274b42278bb3223.tar.gz dotfiles-82215f63d8b2df1d4d08fcb04274b42278bb3223.zip |
Retrieve keys over hkps:// per RiseUp guide
<https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#consider-making-your-default-keyserver-use-a-keyse>
The keyserver pool CA needs to be installed for this to work. On Debian:
# curl https://sks-keyservers.net/sks-keyservers.netCA.pem \
> /usr/local/share/ca-certificates/sks-keyservers.netCA.crt
# update-ca-certificates
Diffstat (limited to 'gnupg')
-rw-r--r-- | gnupg/gpg.conf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf index 324a0f20..2173f954 100644 --- a/gnupg/gpg.conf +++ b/gnupg/gpg.conf @@ -4,8 +4,8 @@ default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB default-recipient-self fixed-list-mode keyid-format 0xlong -keyserver pgp.net.nz -keyserver-options auto-key-retrieve +keyserver hkps://hkps.pool.sks-keyservers.net +keyserver-options auto-key-retrieve check-cert no-honor-keyserver-url list-options show-uid-validity no-greeting personal-digest-preferences SHA512 |