Security/Guidelines/Key Management: Difference between revisions

Updated gpg options to stronger defaults
Line 168: Line 168:
=== GnuPG settings ===
=== GnuPG settings ===
By default, GnuPG may use deprecated hashing algorithms such as SHA1 when used for signing. These settings ensure a more modern selection of hashing algorithms.
By default, GnuPG may use deprecated hashing algorithms such as SHA1 when used for signing. These settings ensure a more modern selection of hashing algorithms.
Using long key ids over the default short key ids is also recommended. If possible, using complete fingerprints is even better.


File: ~/.gnupg/gpg.conf
File: ~/.gnupg/gpg.conf
<source>
<source>
personal-digest-preferences SHA256
personal-digest-preferences SHA512 SHA384 SHA256
cert-digest-algo SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
keyid-format 0xlong
</source>
</source>
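Review bot: in the gpg.conf block, personal-digest-preferences now leads with SHA512 while cert-digest-algo is left at SHA256, so key certifications keep using the digest that is the last choice in the new preference list; either raise cert-digest-algo to SHA512 to match, or add a sentence saying SHA256 is kept there deliberately. The new sentence also says complete fingerprints are better than long key ids, but the only setting added for that is keyid-format 0xlong; consider adding with-fingerprint to the block so the recommendation and the config agree. The introductory sentence still describes the block as hashing-algorithm settings only, so a short note that keyid-format concerns key id display would help readers.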

