Hardened GPG config

By Sindastra|2019-09-13T09:56:16+02:00September 13th, 2019|Tech Support, Wiki|0 Comments

This is just a quick post to share a hardened gpg.conf

Usually stored in ~/.gnupg/gpg.conf

personal-cipher-preferences AES256 AES192 AES
personal-digest-preferences SHA512 SHA384 SHA256
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
cert-digest-algo SHA512
s2k-digest-algo SHA512
s2k-cipher-algo AES256
charset utf-8
fixed-list-mode
no-comments
no-emit-version
keyid-format 0xlong
list-options show-uid-validity
verify-options show-uid-validity
with-fingerprint
require-cross-certification
use-agent

And I recommend using the key server hkps://keys.openpgp.org

Note that this is not a perfect config and you might add or change things to increase privacy and perhaps security as well. But I tested it to work across Mac, Windows and Linux without issues. Some options might not be supported depending on your version of GPG but this config up there worked across all common platforms for me.

About the Author: Sindastra

Sindastra is a software developer with over ten years of experience, specialized in backend web development. In her spare time she hacks on things and educates herself on a variety of topics. She likes to play Minecraft with friends and especially enjoys hacking on the game's server code.

Hardened GPG config

Share this post:

About the Author: Sindastra

Leave A Comment Cancel reply