ulif · November 14, 2017 11:43
diff --git a/gpg-setup.sh b/gpg-setup.sh
 #
 # Create a not-too-unsecure gpg setup.
 # For current version see:
 #  https://gist.github.com/ulif/cd9c0254a0935e2ff82a#file-gpg-setup-sh

 # Install gnupg-curl
 #   It supports hkps, which regular gnupg seemingly does not
 sudo apt-get install gnupg-curl

 # Fetch mayfirst.org CA-cert from
 #
 #   https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt
 #
 # Store the cert in ~/.gnupg/letsencryptauthorityx3.pem.txt
 #
 # The old mayfirst.org certificate authority certificate is not used any more,
 # as mayfirst.org now switched to letsencrypt.

 # Install minimized gpg.conf (backup your old ~/.gnupg/gpg.conf first)
 cat <<EOF > ~/.gnupg/gpg.conf
 # Options for GnuPG
 # The uli-set, v0.1
 # Set based on recommendations from stef
 #    http://www.ctrlc.hu/~stef/fnf15.pdf
 # Set 'default-key' and make sure the path of 'ca-cert-file' exists.
 # 'default-key' is supposed to be the id of a secret key.
 #
 default-key AABBCCDD
 keyserver hkps://keys.mayfirst.org
 keyserver-options no-try-dns-srv no-honor-keyserver-url verbose verbose check-cert ca-cert-file=/path/to/.gnupg/letsencryptauthorityx3.pem.txt
 personal-digest-preferences SHA512 SHA384 SHA256
 personal-cipher-preferences TWOFISH AES256 AES192
 cert-digest-algo SHA512
 default-preference-list SHA512 SHA384 SHA256 SHA224 TWOFISH AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
 auto-key-locate local
 export-options export-minimal
 no-emit-version
 no-comments
 require-secmem
 keyid-format 0xlong
 with-fingerprint
 enable-large-rsa
 EOF

 # In the new ~/.gnupg/gpg.conf file set default-key and ca-cert-file path.

 # Check that you can lookup keys with something like
 gpg --search-key [email protected]
	#
	# Create a not-too-unsecure gpg setup.
	# For current version see:
	# https://gist.github.com/ulif/cd9c0254a0935e2ff82a#file-gpg-setup-sh

	# Install gnupg-curl
	# It supports hkps, which regular gnupg seemingly does not
	sudo apt-get install gnupg-curl

	# Fetch mayfirst.org CA-cert from
	#
	# https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt
	#
	# Store the cert in ~/.gnupg/letsencryptauthorityx3.pem.txt
	#
	# The old mayfirst.org certificate authority certificate is not used any more,
	# as mayfirst.org now switched to letsencrypt.

	# Install minimized gpg.conf (backup your old ~/.gnupg/gpg.conf first)
	cat <<EOF > ~/.gnupg/gpg.conf
	# Options for GnuPG
	# The uli-set, v0.1
	# Set based on recommendations from stef
	# http://www.ctrlc.hu/~stef/fnf15.pdf
	# Set 'default-key' and make sure the path of 'ca-cert-file' exists.
	# 'default-key' is supposed to be the id of a secret key.
	#
	default-key AABBCCDD
	keyserver hkps://keys.mayfirst.org
	keyserver-options no-try-dns-srv no-honor-keyserver-url verbose verbose check-cert ca-cert-file=/path/to/.gnupg/letsencryptauthorityx3.pem.txt
	personal-digest-preferences SHA512 SHA384 SHA256
	personal-cipher-preferences TWOFISH AES256 AES192
	cert-digest-algo SHA512
	default-preference-list SHA512 SHA384 SHA256 SHA224 TWOFISH AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
	auto-key-locate local
	export-options export-minimal
	no-emit-version
	no-comments
	require-secmem
	keyid-format 0xlong
	with-fingerprint
	enable-large-rsa
	EOF

	# In the new ~/.gnupg/gpg.conf file set default-key and ca-cert-file path.

	# Check that you can lookup keys with something like
	gpg --search-key [email protected]