Useful GnuPG Options
There are so many options!
Here are some useful options to add to your ~/.gnupg/gpg.conf:
keyid-format 0xlong
throw-keyids
no-emit-version
So, why? The first option shows full key-IDs, including the leading 0x part. Using the full key-ID is very important these days, as someone has found collisions for the short-IDs of everyone in the “strong set” (see evil32.com for more).
The throw-keyids documentation says, “Do not put the recipient key IDs into encrypted messages. This helps to hide the receivers of the message and is a limited countermeasure against traffic analysis.” Sounds good to me.
no-emit-version doesn’t burn which exact version you’re using into outgoing messages.
Update: an earlier version of this put a keyserver line in the gpg.conf file but it should go in ~/.gnupg/dirmngr.conf instead; thanks to those who pointed it out.
keyserver hkp://jirk5u4osbsr34t5.onion
This keyserver line uses an Onion-service as the keyserver (and gpg has built-in Tor support). It’s not using hkps because .onion domains are already end-to-end encrypted and secure.
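
To check an existing setup against the options above, here is a small audit script. It is an added example, not part of the original post: the function names are made up for illustration, and the sample config and its example.onion address are constructed.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory for the settings discussed above.

# has_option FILE NAME [VALUE]
# True if FILE contains an uncommented line "NAME" (optionally followed by VALUE).
has_option() {
    [ -f "$1" ] || return 1
    awk -v name="$2" -v value="${3:-}" '
        { sub(/#.*/, "") }                                   # drop comments
        $1 == name && (value == "" || $2 == value) { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# audit_gnupg_home DIR
# Prints one line per finding; the return status is the number of findings.
audit_gnupg_home() {
    home=$1
    findings=0
    has_option "$home/gpg.conf" keyid-format 0xlong ||
        { echo "gpg.conf: missing 'keyid-format 0xlong'"; findings=$((findings + 1)); }
    for opt in throw-keyids no-emit-version; do
        has_option "$home/gpg.conf" "$opt" ||
            { echo "gpg.conf: missing '$opt'"; findings=$((findings + 1)); }
    done
    # Per the update above, the keyserver line goes in dirmngr.conf.
    if has_option "$home/gpg.conf" keyserver; then
        echo "gpg.conf: 'keyserver' line belongs in dirmngr.conf"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: keyserver in the wrong file, no-emit-version missing.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'keyid-format 0xlong' 'throw-keyids' \
    'keyserver hkp://example.onion' > "$demo/gpg.conf"
audit_gnupg_home "$demo" || echo "findings: $?"
rm -rf "$demo"
```

Run audit_gnupg_home "$HOME/.gnupg" to check your own configuration.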