abysmify mail

gnupg/gpg-agent.conf

@@ -6,9 +6,8 @@ no-grab
 # pinentry-program /usr/bin/pinentry-curses
 # pinentry-program /usr/bin/pinentry-qt4
 # pinentry-program /usr/bin/pinentry-kwallet
-pinentry-program /usr/bin/pinentry-gtk-2
+# pinentry-program /usr/bin/pinentry-gtk-2
 
 # Cache settings
-default-cache-ttl 10800
-default-cache-ttl-ssh 10800
+default-cache-ttl 108000
 

gnupg/gpg.conf

@@ -1,6 +1,3 @@
-# These first three lines are not copied to the gpg.conf file in
-# the users home directory.
-# $Id$
 # Options for GnuPG
 # Copyright 1998-2003, 2010 Free Software Foundation, Inc.
 # Copyright 1998-2003, 2010 Werner Koch
@@ -21,23 +18,15 @@
 # GnuPG. If the first non white space character of a line is a '#',
 # this line is ignored.  Empty lines are also ignored.
 #
-# See the man page for a list of options.
+# See the gpg man page for a list of options.
 
-personal-digest-preferences SHA512
-cert-digest-algo SHA512
-default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
-personal-cipher-preferences TWOFISH CAMELLIA256 AES 3DES
-use-agent
-
-# Uncomment the following option to get rid of the copyright notice
-
-#no-greeting
 
 # If you have more than 1 secret key in your keyring, you may want to
 # uncomment the following option and set your preferred keyid.
 
 #default-key 621CC013
 
+
 # If you do not pass a recipient to gpg, it will ask for one.  Using
 # this option you can encrypt to a default key.  Key validation will
 # not be done in this case.  The second form uses the default key as
@@ -46,37 +35,6 @@ use-agent
 #default-recipient some-user-id
 #default-recipient-self
 
-# By default GnuPG creates version 4 signatures for data files as
-# specified by OpenPGP.  Some earlier (PGP 6, PGP 7) versions of PGP
-# require the older version 3 signatures.  Setting this option forces
-# GnuPG to create version 3 signatures.
-
-#force-v3-sigs
-
-# Because some mailers change lines starting with "From " to ">From "
-# it is good to handle such lines in a special way when creating
-# cleartext signatures; all other PGP versions do it this way too.
-# To enable full OpenPGP compliance you may want to use this option.
-
-#no-escape-from-lines
-
-# When verifying a signature made from a subkey, ensure that the cross
-# certification "back signature" on the subkey is present and valid.
-# This protects against a subtle attack against subkeys that can sign.
-# Defaults to --no-require-cross-certification.  However for new
-# installations it should be enabled.
-
-require-cross-certification
-
-
-# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
-# GnuPG which is the native character set.  Please check the man page
-# for supported character sets.  This character set is only used for
-# metadata and not for the actual message which does not undergo any
-# translation.  Note that future version of GnuPG will change to UTF-8
-# as default character set.
-
-#charset utf-8
 
 # Group names may be defined like this:
 #   group mynames = paige 0x12345678 joe patti
@@ -90,50 +48,21 @@ require-cross-certification
 
 #group mynames = paige 0x12345678 joe patti
 
-# Some old Windows platforms require 8.3 filenames.  If your system
-# can handle long filenames, uncomment this.
 
-#no-mangle-dos-filenames
+# GnuPG can automatically locate and retrieve keys as needed using
+# this option.  This happens when encrypting to an email address (in
+# the "user@@example.com" form) and there are no keys matching
+# "user@example.com" in the local keyring.  This option takes any
+# number mechanisms which are tried in the given order.  The default
+# is "--auto-key-locate local" to search for keys only in the local
+# key database.  Uncomment the next line to locate a missing key using
+# two DNS based mechanisms.
 
-# Lock the file only once for the lifetime of a process.  If you do
-# not define this, the lock will be obtained and released every time
-# it is needed - normally this is not needed.
+#auto-key-locate local,pka,dane
 
-#lock-once
-
-# GnuPG can send and receive keys to and from a keyserver.  These
-# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
-# support).
-#
-# Example HKP keyservers:
-#      hkp://keys.gnupg.net
-#
-# Example LDAP keyservers:
-#      ldap://pgp.surfnet.nl:11370
-#
-# Regular URL syntax applies, and you can set an alternate port
-# through the usual method:
-#      hkp://keyserver.example.net:22742
-#
-# If you have problems connecting to a HKP server through a buggy http
-# proxy, you can use keyserver option broken-http-proxy (see below),
-# but first you should make sure that you have read the man page
-# regarding proxies (keyserver option honor-http-proxy)
-#
-# Most users just set the name and type of their preferred keyserver.
-# Note that most servers (with the notable exception of
-# ldap://keyserver.pgp.com) synchronize changes with each other.  Note
-# also that a single server name may actually point to multiple
-# servers via DNS round-robin.  hkp://keys.gnupg.net is an example of
-# such a "server", which spreads the load over a number of physical
-# servers.  To see the IP address of the server actually used, you may use
-# the "--keyserver-options debug".
-
-keyserver hkp://keys.gnupg.net
-#keyserver http://http-keys.gnupg.net
-#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
 
 # Common options for keyserver functions:
+# (Note that the --keyserver option has been moved to dirmngr.conf)
 #
 # include-disabled = when searching, include keys marked as "disabled"
 #                    on the keyserver (not all keyservers support this).
@@ -145,18 +74,6 @@ keyserver hkp://keys.gnupg.net
 #           Can be used more than once to increase the amount
 #           of information shown.
 #
-# use-temp-files = use temporary files instead of a pipe to talk to the
-#                  keyserver.  Some platforms (Win32 for one) always
-#                  have this on.
-#
-# keep-temp-files = do not delete temporary files after using them
-#                   (really only useful for debugging)
-#
-# honor-http-proxy = if the keyserver uses HTTP, honor the http_proxy
-#                    environment variable
-#
-# broken-http-proxy = try to work around a buggy HTTP proxy
-#
 # auto-key-retrieve = automatically fetch keys as needed from the keyserver
 #                     when verifying signatures or when importing keys that
 #                     have been revoked by a revocation key that is not
@@ -167,11 +84,13 @@ keyserver hkp://keys.gnupg.net
 
 #keyserver-options auto-key-retrieve
 
+
 # Uncomment this line to display photo user IDs in key listings and
 # when a signature from a key with a photo is verified.
 
 #show-photos
 
+
 # Use this program to display photo user IDs
 #
 # %i is expanded to a temporary file that contains the photo.
@@ -202,3 +121,16 @@ keyserver hkp://keys.gnupg.net
 #
 # Use your MIME handler to view photos:
 # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
+
+
+# Because some mailers change lines starting with "From " to ">From "
+# it is good to handle such lines in a special way when creating
+# cleartext signatures; all other PGP versions do it this way too.
+# To enable full OpenPGP compliance you may want to use this option.
+
+#no-escape-from-lines
+
+
+# Uncomment the following option to get rid of the copyright notice
+
+#no-greeting