1 |
commit: be03b7085d02d1b4491ebb0c529830677f70bad4 |
2 |
Author: Pavlos Ratis <dastergon <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Nov 27 11:37:05 2014 +0000 |
4 |
Commit: Pavlos Ratis <dastergon <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Nov 27 11:37:54 2014 +0000 |
6 |
URL: http://sources.gentoo.org/gitweb/?p=proj/api.git;a=commit;h=be03b708 |
7 |
|
8 |
add glep63 spec files |
9 |
|
10 |
Signed-off-by: Pavlos Ratis <dastergon <AT> gentoo.org> |
11 |
|
12 |
--- |
13 |
files/gentoo-keys/specs/glep63-gpg-conf.skel | 44 +++++++++++++++++++++++ |
14 |
files/gentoo-keys/specs/glep63-gpg-conf.skel.sig | Bin 0 -> 639 bytes |
15 |
files/gentoo-keys/specs/glep63.spec | 13 +++++++ |
16 |
files/gentoo-keys/specs/glep63.spec.sig | Bin 0 -> 639 bytes |
17 |
4 files changed, 57 insertions(+) |
18 |
|
19 |
diff --git a/files/gentoo-keys/specs/glep63-gpg-conf.skel b/files/gentoo-keys/specs/glep63-gpg-conf.skel |
20 |
new file mode 100644 |
21 |
index 0000000..73e8708 |
22 |
--- /dev/null |
23 |
+++ b/files/gentoo-keys/specs/glep63-gpg-conf.skel |
24 |
@@ -0,0 +1,44 @@ |
25 |
+################################################# |
26 |
+# GLEP 63 specifications for OpenPGP key creation |
27 |
+################################################# |
28 |
+ |
29 |
+# Keyserver |
30 |
+keyserver pool.sks-keyservers.net |
31 |
+ |
32 |
+emit-version |
33 |
+ |
34 |
+default-recipient-self |
35 |
+ |
36 |
+# -- All of the below portion from the RiseUp.net OpenPGP best practices, and |
37 |
+# -- many of them are also in the Debian GPG documentation. |
38 |
+ |
39 |
+# when outputting certificates, view user IDs distinctly from keys: |
40 |
+fixed-list-mode |
41 |
+ |
42 |
+# Long keyids are more collision-resistant than short keyids (it's trivial to make a key |
43 |
+# with any desired short keyid) |
44 |
+# NOTE: this breaks KMail GnuPG support! |
45 |
+keyid-format 0xlong |
46 |
+ |
47 |
+# When multiple digests are supported by all recipients, choose the strongest one: |
48 |
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224 |
49 |
+ |
50 |
+# Preferences chosen for new keys should prioritize stronger algorithms: |
51 |
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed |
52 |
+ |
53 |
+# If you use a graphical environment (and even if you don't) you should be using an agent: |
54 |
+# (similar arguments as https://www.debian-administration.org/users/dkg/weblog/64) |
55 |
+use-agent |
56 |
+ |
57 |
+# You should always know at a glance which User IDs gpg thinks are legitimately bound to |
58 |
+# the keys in your keyring: |
59 |
+verify-options show-uid-validity |
60 |
+list-options show-uid-validity |
61 |
+ |
62 |
+# Include an unambiguous indicator of which key made a signature: |
63 |
+# (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234) |
64 |
+# (and http://www.ietf.org/mail-archive/web/openpgp/current/msg00405.html) |
65 |
+sig-notation issuer-fpr@×××××××××××××××××××××××××××××××.net=%g |
66 |
+ |
67 |
+# When making an OpenPGP certification, use a stronger digest than the default SHA1: |
68 |
+cert-digest-algo SHA256 |
69 |
|
70 |
diff --git a/files/gentoo-keys/specs/glep63-gpg-conf.skel.sig b/files/gentoo-keys/specs/glep63-gpg-conf.skel.sig |
71 |
new file mode 100644 |
72 |
index 0000000..493a5d7 |
73 |
Binary files /dev/null and b/files/gentoo-keys/specs/glep63-gpg-conf.skel.sig differ |
74 |
|
75 |
diff --git a/files/gentoo-keys/specs/glep63.spec b/files/gentoo-keys/specs/glep63.spec |
76 |
new file mode 100644 |
77 |
index 0000000..2b4fc45 |
78 |
--- /dev/null |
79 |
+++ b/files/gentoo-keys/specs/glep63.spec |
80 |
@@ -0,0 +1,13 @@ |
81 |
+<GnupgKeyParms format="internal"> |
82 |
+ Key-Type: RSA |
83 |
+ Key-Length: 4096 |
84 |
+ Expire-Date: 36m |
85 |
+ Key-Usage: , |
86 |
+ Subkey-Type: RSA |
87 |
+ Subkey-Length: 4096 |
88 |
+ Subkey-Usage: sign |
89 |
+ Name-Real: {0} |
90 |
+ Name-Email: {1} |
91 |
+ %ask-passphrase |
92 |
+</GnupgKeyParms> |
93 |
+ |
94 |
|
95 |
diff --git a/files/gentoo-keys/specs/glep63.spec.sig b/files/gentoo-keys/specs/glep63.spec.sig |
96 |
new file mode 100644 |
97 |
index 0000000..82b8b8f |
98 |
Binary files /dev/null and b/files/gentoo-keys/specs/glep63.spec.sig differ |