From 97c14018570d437e5c2ffcc2dc2de10a31054b67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=93scar=20N=C3=A1jera?= <hi@oscarnajera.com>
Date: Sun, 26 Dec 2021 16:18:52 +0100
Subject: gpg config: keygrip + algorithms

---
 gnupg/gpg.conf | 7 +++++++
 install.scm    | 1 +
 2 files changed, 8 insertions(+)
 create mode 100644 gnupg/gpg.conf

diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
new file mode 100644
index 0000000..8c9535b
--- /dev/null
+++ b/gnupg/gpg.conf
@@ -0,0 +1,7 @@
+with-keygrip
+## SHA1 is too weak.
+## https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
+personal-digest-preferences SHA256
+cert-digest-algo SHA256
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+cipher-algo AES256
diff --git a/install.scm b/install.scm
index 0e3ffde..646076c 100755
--- a/install.scm
+++ b/install.scm
@@ -215,6 +215,7 @@
   (config-links "calendars.conf" "~/.calendars.conf" #f)
   (git-config)
   (symlink-tree "home-dots" "~/")
+  (config-links "gnupg/gpg.conf" "~/.gnupg/gpg.conf" #f)
   (config-links "gnupg/gpg-agent.conf" "~/.gnupg/gpg-agent.conf" #f)
   (symlink-tree "bin" "~/.local/bin")
   (symlink-tree "config" "~/.config")
-- 
cgit v1.2.3