commit 77af6a3560ed58373d64cabf5499d1c8ed70ac67 Author: Patrick Schleizer <adrelanos@riseup.net> Date: Sat May 6 07:59:44 2017 -0400 Add default configuration for GnuPG (dirmngr.conf) --- dirmngr.conf | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/dirmngr.conf b/dirmngr.conf new file mode 100644 index 0000000..01fbc35 --- /dev/null +++ b/dirmngr.conf @@ -0,0 +1,74 @@ +# dirmngr-conf.skel - Skeleton to create dirmngr.conf. +# (Note that the first three lines are not copied.) +# +# dirmngr.conf - Options for Dirmngr +# Written in 2015 by The GnuPG Project <https://gnupg.org> +# +# To the extent possible under law, the authors have dedicated all +# copyright and related and neighboring rights to this file to the +# public domain worldwide. This file is distributed without any +# warranty. You should have received a copy of the CC0 Public Domain +# Dedication along with this file. If not, see +# <http://creativecommons.org/publicdomain/zero/1.0/>. +# +# +# Unless you specify which option file to use (with the command line +# option "--options filename"), the file ~/.gnupg/dirmngr.conf is used +# by dirmngr. The file can contain any long options which are valid +# for Dirmngr. If the first non white space character of a line is a +# '#', the line is ignored. Empty lines are also ignored. See the +# dirmngr man page or the manual for a list of options. +# + +# --keyserver URI +# +# GPG can send and receive keys to and from a keyserver. These +# servers can be HKP, Email, or LDAP (if GnuPG is built with LDAP +# support). +# +# Example HKP keyservers: +# hkp://keys.gnupg.net +# +# Example HKP keyserver using a Tor OnionBalance service +# hkp://jirk5u4osbsr34t5.onion +# +# Example HKPS keyservers (see --hkp-cacert below): +# hkps://hkps.pool.sks-keyservers.net +# +# Example LDAP keyservers: +# ldap://pgp.surfnet.nl:11370 +# +# Regular URL syntax applies, and you can set an alternate port +# through the usual method: +# hkp://keyserver.example.net:22742 +# +# Most users just set the name and type of their preferred keyserver. +# Note that most servers (with the notable exception of +# ldap://keyserver.pgp.com) synchronize changes with each other. Note +# also that a single server name may actually point to multiple +# servers via DNS round-robin. hkp://keys.gnupg.net is an example of +# such a "server", which spreads the load over a number of physical +# servers. +# +# If exactly two keyservers are configured and only one is a Tor hidden +# service, Dirmngr selects the keyserver to use depending on whether +# Tor is locally running or not (on a per session base). + +keyserver hkp://jirk5u4osbsr34t5.onion + +## change by anon-gpg-tweaks: disable clearnet keyserver +#keyserver hkp://keys.gnupg.net + +# --hkp-cacert FILENAME +# +# For the "hkps" scheme (keyserver access over TLS), Dirmngr needs to +# know the root certificates for verification of the TLS certificates +# used for the connection. Enter the full name of a file with the +# root certificates here. If that file is in PEM format a ".pem" +# suffix is expected. This option may be given multiple times to add +# more root certificates. Tilde expansion is supported. + +#hkp-cacert /path/to/CA/sks-keyservers.netCA.pem + +## change by anon-gpg-tweaks: add use-tor +use-tor