
For your convenience, all the suggested changes to the gpg.conf file are gathered in one place near the bottom of this page. Many of these changes require editing the GnuPG configuration file on your machine, located at ~/.gnupg/gpg.conf, and each configuration suggestion comes with a detailed explanation. We have gathered here a lot of information about configuring GnuPG. If you had previously tweaked your configuration, consider starting over from a base configuration, so that you do not carry outdated recommendations that are less secure than the current defaults. This guide is deprecated; you only need to use the defaults, because GnuPG now does sane things out of the box.

Key recommendations covered on this page:

- Do not include a "Comment" in your User ID.
- Do you have an encrypted backup of your secret key material?
- Primary keys should have a reasonable expiration date (no more than 2 years in the future).
- Stated digest algorithm preferences must include at least one member of the SHA-2 family at a higher priority than both MD5 and SHA1.
- Self-signatures should not use MD5 exclusively.
- Primary keys should be RSA, ideally 3072 bits.
- Only use your primary key for certification (and possibly signing).
- Set a calendar event to remind you about your expiration date.
- Use an expiration date less than two years away.
- Check key fingerprints before importing.
- Do not blindly trust keys from keyservers.
- Refresh your keys slowly and one at a time.
- Ensure that all keys are refreshed through the keyserver you have selected.
- Use the sks keyserver pool, instead of one specific server, with secure connections.
- Selecting a keyserver and configuring your machine to refresh your keyring.
- Use free software, and keep it updated.
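As an added example (not part of the original guide), the script below applies several of the checklist items above (RSA primary key of at least 3072 bits, expiry no more than two years out, primary key limited to certify/sign, no comment in the User ID) to the machine-readable output of `gpg --with-colons --list-keys`. The listing embedded in it is constructed sample data, not real keys; field positions follow GnuPG's documented colon format, and dates are assumed to be epoch seconds as GnuPG 2.x prints them.

```python
import re
import time

# Constructed sample of `gpg --with-colons --list-keys` output (fake key IDs).
# Field 12 of a pub record lists the primary key's own capabilities in lower
# case and the whole key's usable capabilities in upper case.
SAMPLE = """\
pub:u:3072:1:0123456789ABCDEF:1700000000:1763072000::u:::scESC::::::23::0:
uid:u::::1700000000::0000000000000000000000000000000000000000::Alice Example (work laptop) <alice@example.org>::::::::::0:
sub:u:3072:1:FEDCBA9876543210:1700000000:1763072000:::::e::::::23:
pub:u:2048:1:1111222233334444:1600000000:::u:::escESC::::::23::0:
uid:u::::1600000000::1111111111111111111111111111111111111111::Bob Example <bob@example.org>::::::::::0:
"""

RSA_ALGOS = {"1", "2", "3"}          # OpenPGP public-key algorithm IDs for RSA
TWO_YEARS = 2 * 365 * 86400          # recommended maximum distance to expiry


def audit_keys(listing, now):
    """Return {long key ID: [issues]} for every primary key in the listing."""
    findings = {}
    current = None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = f[4]
            issues = findings.setdefault(current, [])
            if f[3] not in RSA_ALGOS:
                issues.append("primary key is not RSA")
            elif int(f[2]) < 3072:
                issues.append(f"primary key is only {f[2]} bits")
            if not f[6]:
                issues.append("primary key never expires")
            elif int(f[6]) - now > TWO_YEARS:
                issues.append("expiry more than 2 years away")
            own_caps = {c for c in f[11] if c.islower()}
            if not own_caps <= {"c", "s"}:
                issues.append("primary key has capabilities beyond C/S: "
                              + "".join(sorted(own_caps)))
        elif f[0] == "uid" and current is not None:
            # A parenthesised comment between the name and the address.
            if re.search(r"\(.*\)\s*<", f[9]):
                findings[current].append("User ID contains a comment")
    return findings


if __name__ == "__main__":
    for keyid, issues in audit_keys(SAMPLE, int(time.time())).items():
        print(keyid, issues or ["ok"])
```

Pipe real output into `audit_keys` with `subprocess.run(["gpg", "--with-colons", "--list-keys"], capture_output=True, text=True).stdout` to check your own keyring.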
