commit: be03b7085d02d1b4491ebb0c529830677f70bad4 Author: Pavlos Ratis <dastergon <AT> gentoo <DOT> org> AuthorDate: Thu Nov 27 11:37:05 2014 +0000 Commit: Pavlos Ratis <dastergon <AT> gentoo <DOT> org> CommitDate: Thu Nov 27 11:37:54 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/api.git;a=commit;h=be03b708
add glep63 spec files
Signed-off-by: Pavlos Ratis <dastergon <AT> gentoo.org>
---
 files/gentoo-keys/specs/glep63-gpg-conf.skel | 44 +++++++++++++++++++++++
 files/gentoo-keys/specs/glep63-gpg-conf.skel.sig | Bin 0 -> 639 bytes
 files/gentoo-keys/specs/glep63.spec | 13 +++++++
 files/gentoo-keys/specs/glep63.spec.sig | Bin 0 -> 639 bytes
 4 files changed, 57 insertions(+)
diff --git a/files/gentoo-keys/specs/glep63-gpg-conf.skel b/files/gentoo-keys/specs/glep63-gpg-conf.skel
new file mode 100644
index 0000000..73e8708
--- /dev/null
+++ b/files/gentoo-keys/specs/glep63-gpg-conf.skel
@@ -0,0 +1,44 @@
+#################################################
+# GLEP 63 specifications for OpenPGP key creation
+#################################################
+
+# Keyserver
+keyserver pool.sks-keyservers.net
+
+emit-version
+
+default-recipient-self
+
+# -- All of the below portion from the RiseUp.net OpenPGP best practices, and
+# -- many of them are also in the Debian GPG documentation.
+
+# when outputting certificates, view user IDs distinctly from keys:
+fixed-list-mode
+
+# Long keyids are more collision-resistant than short keyids (it's trivial to make a key
+# with any desired short keyid)
+# NOTE: this breaks KMail GnuPG support!
+keyid-format 0xlong
+
+# When multiple digests are supported by all recipients, choose the strongest one:
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+
+# Preferences chosen for new keys should prioritize stronger algorithms:
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
+
+# If you use a graphical environment (and even if you don't) you should be using an agent:
+# (similar arguments as https://www.debian-administration.org/users/dkg/weblog/64)
+use-agent
+
+# You should always know at a glance which User IDs gpg thinks are legitimately bound to
+# the keys in your keyring:
+verify-options show-uid-validity
+list-options show-uid-validity
+
+# Include an unambiguous indicator of which key made a signature:
+# (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
+# (and http://www.ietf.org/mail-archive/web/openpgp/current/msg00405.html)
+sig-notation issuer-...@notations.openpgp.fifthhorseman.net=%g
+
+# When making an OpenPGP certification, use a stronger digest than the default SHA1:
+cert-digest-algo SHA256
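Review bot: The `keyserver pool.sks-keyservers.net` line names no scheme, so key lookups and refreshes go over plain HKP. Anyone on the network path can see which keys are requested and can withhold updated revocations or expiry changes, which matters for a policy that relies on key expiry. Prefer a TLS endpoint, e.g. `keyserver hkps://KEYSERVER_HOST` (placeholder host), with the pool's CA certificate configured for verification. Separately, `emit-version` puts the GnuPG version into armored output; the best-practice guides this file cites, as far as I recall, recommend `no-emit-version`, so a comment above it saying why it is enabled here would help.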
diff --git a/files/gentoo-keys/specs/glep63-gpg-conf.skel.sig b/files/gentoo-keys/specs/glep63-gpg-conf.skel.sig
new file mode 100644
index 0000000..493a5d7
Binary files /dev/null and b/files/gentoo-keys/specs/glep63-gpg-conf.skel.sig differ
diff --git a/files/gentoo-keys/specs/glep63.spec b/files/gentoo-keys/specs/glep63.spec
new file mode 100644
index 0000000..2b4fc45
--- /dev/null
+++ b/files/gentoo-keys/specs/glep63.spec
@@ -0,0 +1,13 @@
+<GnupgKeyParms format="internal">
+ Key-Type: RSA
+ Key-Length: 4096
+ Expire-Date: 36m
+ Key-Usage: ,
+ Subkey-Type: RSA
+ Subkey-Length: 4096
+ Subkey-Usage: sign
+ Name-Real: {0}
+ Name-Email: {1}
+ %ask-passphrase
+</GnupgKeyParms>
+
diff --git a/files/gentoo-keys/specs/glep63.spec.sig b/files/gentoo-keys/specs/glep63.spec.sig
new file mode 100644
index 0000000..82b8b8f
Binary files /dev/null and b/files/gentoo-keys/specs/glep63.spec.sig differ
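Review bot: `Key-Usage: ,` in glep63.spec carries no explanation, and a bare comma reads like a typo; presumably it is an empty usage list meant to leave the primary key certify-only while `Subkey-Usage: sign` carries signing. A comment line above it would protect that intent, e.g. `# empty usage list: primary key is certify-only, signing is done by the subkey`; GnuPG's batch parameter format skips lines starting with `#`, though it is worth confirming this holds inside the `<GnupgKeyParms>` wrapper. Any such edit also means regenerating the detached glep63.spec.sig. `{0}` and `{1}` look like format placeholders filled in by a caller outside this diff; that caller should reject line breaks in the name and e-mail so a value cannot add extra parameter lines to the batch.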