duraconf
duraconf copied to clipboard
ioerror
duraconf - A collection of hardened configuration files for SSL/TLS services
Use more secure options, added options for the secret key and to use when encrypting/signing messages/files because by default sha-1 or ripemd160 and blowfish will be use
shown when try to encrypt/decrypt text message ``` $ uname -a Linux mx1 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2 (2020-04-29) x86_64 GNU/Linux ``` https://github.com/ioerror/duraconf/blob/04f992ccd27fda38f742944066fbde39aa2ceb73/configs/gnupg/gpg.conf#L57-L58
The comments here: https://github.com/ioerror/duraconf/blob/3f0d977b750189a41ca1c014ceec4df8b0be4811/configs/gnupg/gpg.conf#L77-L83 are not consistent with the conf options (digest vs cipher in different parts of the comments).
As described in https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f the mitigations includes 1. Open `gpg.conf` in a text editor. Ensure there is no line starting with `keyserver`. If there is, remove it. 2. Open `dirmngr.conf`...
rework gpg.conf based on upstream changes - default key: unneccessary - behavior: merged upstream in 2.1 - keyserver: merged upstream in 2.1 (and some now set in dirmngr.conf) - personal-cipher-preferences:...
Maybe add `require-cross-certification` to the gpg.conf? It is the default in Debian AFAIK with this reason given: ``` # When verifying a signature made from a subkey, ensure that the...
Hi, I have a question about following line in the gpg.conf: `personal-cipher-preferences AES256 AES192 AES CAST5` Why not also add the Twofish cipher?
