[tor-commits] [torbirdy/master] Add default configuration for GnuPG (dirmngr.conf)

Sat May 6 11:59:59 UTC 2017

commit 77af6a3560ed58373d64cabf5499d1c8ed70ac67
Author: Patrick Schleizer <adrelanos at riseup.net>
Date:   Sat May 6 07:59:44 2017 -0400

    Add default configuration for GnuPG (dirmngr.conf)
---
 dirmngr.conf | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)

diff --git a/dirmngr.conf b/dirmngr.conf
new file mode 100644
index 0000000..01fbc35
--- /dev/null
+++ b/dirmngr.conf
@@ -0,0 +1,74 @@
+# dirmngr-conf.skel - Skeleton to create dirmngr.conf.
+# (Note that the first three lines are not copied.)
+#
+# dirmngr.conf - Options for Dirmngr
+# Written in 2015 by The GnuPG Project <https://gnupg.org>
+#
+# To the extent possible under law, the authors have dedicated all
+# copyright and related and neighboring rights to this file to the
+# public domain worldwide.  This file is distributed without any
+# warranty.  You should have received a copy of the CC0 Public Domain
+# Dedication along with this file. If not, see
+# <http://creativecommons.org/publicdomain/zero/1.0/>.
+#
+#
+# Unless you specify which option file to use (with the command line
+# option "--options filename"), the file ~/.gnupg/dirmngr.conf is used
+# by dirmngr.  The file can contain any long options which are valid
+# for Dirmngr.  If the first non white space character of a line is a
+# '#', the line is ignored.  Empty lines are also ignored.  See the
+# dirmngr man page or the manual for a list of options.
+#
+
+# --keyserver URI
+#
+# GPG can send and receive keys to and from a keyserver.  These
+# servers can be HKP, Email, or LDAP (if GnuPG is built with LDAP
+# support).
+#
+# Example HKP keyservers:
+#      hkp://keys.gnupg.net
+#
+# Example HKP keyserver using a Tor OnionBalance service
+#      hkp://jirk5u4osbsr34t5.onion
+#
+# Example HKPS keyservers (see --hkp-cacert below):
+#       hkps://hkps.pool.sks-keyservers.net
+#
+# Example LDAP keyservers:
+#      ldap://pgp.surfnet.nl:11370
+#
+# Regular URL syntax applies, and you can set an alternate port
+# through the usual method:
+#      hkp://keyserver.example.net:22742
+#
+# Most users just set the name and type of their preferred keyserver.
+# Note that most servers (with the notable exception of
+# ldap://keyserver.pgp.com) synchronize changes with each other.  Note
+# also that a single server name may actually point to multiple
+# servers via DNS round-robin.  hkp://keys.gnupg.net is an example of
+# such a "server", which spreads the load over a number of physical
+# servers.
+#
+# If exactly two keyservers are configured and only one is a Tor hidden
+# service, Dirmngr selects the keyserver to use depending on whether
+# Tor is locally running or not (on a per session base).
+
+keyserver hkp://jirk5u4osbsr34t5.onion
+
+## change by anon-gpg-tweaks: disable clearnet keyserver
+#keyserver hkp://keys.gnupg.net
+
+# --hkp-cacert FILENAME
+#
+# For the "hkps" scheme (keyserver access over TLS), Dirmngr needs to
+# know the root certificates for verification of the TLS certificates
+# used for the connection.  Enter the full name of a file with the
+# root certificates here.  If that file is in PEM format a ".pem"
+# suffix is expected.  This option may be given multiple times to add
+# more root certificates.  Tilde expansion is supported.
+
+#hkp-cacert /path/to/CA/sks-keyservers.netCA.pem
+
+## change by anon-gpg-tweaks: add use-tor
+use-tor

