Useful GnuPG Options
There’s so many options!
Here are some useful options to add to your
keyid-format 0xlong
throw-keyids
no-emit-version
So, why? The first thing shows full key-IDs, including the 0x leading part. Using the full key-ID is very important these days, as someone has found collisions for the short-IDs of everyone in the “strong set” (see evil32.com for more).
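To make the short-ID problem concrete, here is an added example (not from the original post) that derives short and long key IDs from fingerprints and flags keys in a keyring listing whose short IDs are ambiguous. It assumes v4 keys, where the key ID is the low 64 bits of the 160-bit fingerprint, and the listing and fingerprints are constructed sample data in the format of `gpg --list-keys --with-colons`.

```python
from collections import defaultdict

# Constructed sample in `gpg --list-keys --with-colons` format; the
# fingerprints are made up so that two primary keys share a short ID.
SAMPLE = """\
pub:-:4096:1:1111222233334444:1400000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1400000000::::Alice (constructed) <alice@example.org>:
pub:-:4096:1:9999888833334444:1400000001:::-:::scESC:
fpr:::::::::0123456789ABCDEF012345679999888833334444:
uid:-::::1400000001::::Not Alice (constructed) <alice@example.org>:
pub:-:4096:1:0A0B0C0D0E0F1A1B:1400000002:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA980A0B0C0D0E0F1A1B:
"""

def key_ids(fingerprint):
    """Return (short, long) IDs of a v4 key: low 32 / 64 bits of the fingerprint."""
    fpr = fingerprint.replace(" ", "").upper()
    if len(fpr) != 40:
        raise ValueError("expected a 160-bit (v4) fingerprint")
    return "0x" + fpr[-8:], "0x" + fpr[-16:]

def primary_fingerprints(colons):
    """Collect the fingerprint (field 10 of 'fpr') that follows each 'pub' record."""
    fprs, after_pub = [], False
    for line in colons.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            after_pub = fields[0] == "pub"   # skip subkey fingerprints
        elif fields[0] == "fpr" and after_pub:
            fprs.append(fields[9])
            after_pub = False
    return fprs

def short_id_collisions(colons):
    """Map each short ID held by more than one key to the long IDs behind it."""
    by_short = defaultdict(list)
    for fpr in primary_fingerprints(colons):
        short, long_id = key_ids(fpr)
        by_short[short].append(long_id)
    return {s: ids for s, ids in by_short.items() if len(ids) > 1}

if __name__ == "__main__":
    for short, long_ids in short_id_collisions(SAMPLE).items():
        print(f"short ID {short} is ambiguous: {', '.join(long_ids)}")
```

With `keyid-format 0xlong` the two colliding keys above are displayed with different IDs; comparing the full fingerprint remains the stronger check.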
throw-keyids documentation says, “Do not put the recipient key IDs into encrypted messages. This helps to hide the receivers of the message and is a limited countermeasure against traffic analysis.” Sounds good to me.
no-emit-version doesn’t burn which exact version you’re using into outgoing messages.
Update: an earlier version of this put a keyserver line in the gpg.conf file but it should go in ~/.gnupg/dirmngr.conf instead; thanks to those who pointed it out.
keyserver line uses an Onion-service as the keyserver (and gpg has built-in Tor support). It’s not using hkps because .onion domains are already end-to-end encrypted and secure.