CNS standard system setup for GnuPG.
GnuPG program
- Source and documentation are available from http://www.gnupg.org.
- Use version 1.4.11 or later. You can determine the version with the command gpg --version.
- Be sure the IDEA cipher is available. If it is available, it will be listed in the Cipher: line from gpg --version.
- IDEA is no longer patented and is included in 1.4.13 and later.

    $ gpg --version
    gpg (GnuPG) 1.4.11
    Copyright (C) 2010 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: ~/.gnupg
    Supported algorithms:
    Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2

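The version and IDEA requirements listed above can be checked mechanically. The script below is an added example, not part of the CNS repository: the function names are hypothetical, the sample output is constructed, and it assumes the Cipher: list may wrap onto indented continuation lines.

```sh
#!/bin/sh
# Added example (not from the CNS repository): verify the two GnuPG requirements above.

# Constructed sample: abbreviated `gpg --version` output with a wrapped Cipher: list.
SAMPLE_OK='gpg (GnuPG) 1.4.11
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224'

# Print the version number: last field of the first line of the output on stdin.
gpg_version() {
    awk 'NR == 1 { print $NF }'
}

# Succeed if dotted version $1 >= $2, comparing fields numerically (1.4.9 < 1.4.11).
version_at_least() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        n = split(have, h, "."); m = split(want, w, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (h[i] + 0 > w[i] + 0) exit 0
            if (h[i] + 0 < w[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print the Cipher: list from stdin on one line, joining indented continuation lines.
cipher_list() {
    awk '/^Cipher:/     { on = 1; sub(/^Cipher:[ \t]*/, ""); printf "%s", $0; next }
         on && /^[ \t]/ { sub(/^[ \t]+/, ""); printf " %s", $0; next }
                        { on = 0 }
         END            { print "" }'
}

# Succeed only if IDEA is a whole entry in the comma-separated Cipher: list.
has_idea() {
    cipher_list | tr -d ' \t' | tr ',' '\n' | grep -qx 'IDEA'
}

# Check `gpg --version` output on stdin against both requirements.
check_gpg() {
    out=$(cat); ver=$(printf '%s\n' "$out" | gpg_version); rc=0
    version_at_least "$ver" 1.4.11 || { echo "FAIL: version $ver is older than 1.4.11"; rc=1; }
    printf '%s\n' "$out" | has_idea || { echo "FAIL: IDEA not in Cipher: line"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: GnuPG $ver, IDEA available"
    return "$rc"
}

printf '%s\n' "$SAMPLE_OK" | check_gpg   # on a real host: gpg --version | check_gpg
```
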
CNS configuration files
- https://svn.cns.vt.edu/svnroot/cns-pki/pgp/
svn checkout https://svn.cns.vt.edu/svnroot/cns-pki/pgp/ cns-pgp
- Compile the source in the src directory.
- Install src/delayless and bin/gpgl somewhere on the path.
- Install config/gpg.conf in /etc/skel/.gnupg/gpg.conf.
- Install config/gpg-ca-bundle.crt in /etc/pki/gnupg.

    # Non-default options in CNS gpg.conf

    # Load the IDEA extension if needed
    load-extension /usr/lib/gnupg/idea

    #
    # Preferences
    #

    # The most highly ranked cipher in this list is also used for the --symmetric encryption command.
    personal-cipher-preferences AES256 AES192 AES CAMELLIA256 CAMELLIA192 CAMELLIA128 3DES CAST5 TWOFISH BLOWFISH IDEA

    # The most highly ranked digest algorithm in this list is also used when signing without encryption (e.g. --clearsign or --sign).
    # Note: SHA512 may not be supported by PGP8
    personal-digest-preferences SHA256 SHA512 SHA384 SHA224 RIPEMD160 SHA1 MD5

    # The most highly ranked compression algorithm in this list is also used when there are no recipient keys to consider (e.g. --symmetric).
    personal-compress-preferences BZIP2 ZLIB ZIP uncompressed

    # This preference list is used for new keys and becomes the default for "setpref" in the edit menu.
    default-preference-list SHA256 SHA512 SHA384 SHA224 RIPEMD160 SHA1 MD5 AES256 AES192 AES CAMELLIA256 CAMELLIA192 CAMELLIA128 3DES CAST5 TWOFISH BLOWFISH IDEA BZIP2 ZLIB ZIP uncompressed

    #
    s2k-digest-algo sha256
    s2k-cipher-algo aes256
    ask-cert-level
    cert-digest-algo sha256
    no-force-v3-sigs
    keyserver hkps://keyserver.cns.vt.edu/
    keyserver-options ca-cert-file=/etc/pki/gnupg/gpg-ca-bundle.crt
    use-agent
    list-options show-policy-urls show-notations show-sig-expire show-uid-validity show-sig-expire show-uid-validity show-unusable-uids show-unusable-subkeys