
On Wed, Apr 13, 2016 at 10:06:11PM +1000, Russell Coker wrote:
On Wed, 13 Apr 2016 05:26:49 PM Ben McGinnes via luv-main wrote:
As far as I'm concerned if you can't be bothered editing your algorithm preference order in gpg.conf and editing your keys and subkeys (actually they're set according to each UID) to match then you have no business trying to make keys larger than the default maximums.
Actually I think it's the responsibility of DDs in question (and other OS developers) to ensure that GPG defaults to the correct algorithm preference.
Currently the default in most Linux distros (or OSes for that matter) is to create ~/.gnupg/ if it's not there when the program is invoked, but not to generate a default gpg.conf. Distributions could set more sensible defaults by setting a basic system-wide gpg.conf to be copied to a user's directory if it didn't exist, but the problem is that the first command for a lot of new users is --gen-key and if the gpg.conf is not already in place when the command is run then it won't affect the results.
Also it would be handy if there was a tool to check your GPG configuration and key setup for obvious mistakes.
That's a very good idea, the biggest hurdle I can see at the moment is that the info is normally only visible interactively by editing a key and using the showpref command. OTOH I haven't had nearly enough caffeine yet to be firing on all cylinders, so let it simmer in the back of my brain for a while and we'll see. ;)

My main GPGME Python work is dependent on an overhaul of GPGME itself (someone needs to rip all that GTK2 crap out of the C API for a start). So this might give me something useful to do in the meantime.

Regards,
Ben
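A sketch of the kind of checker discussed in this thread, added here as an example; it is not code from either poster or from GnuPG. It assumes that an "obvious mistake" means a preference list left unset in gpg.conf or a weak algorithm ranked ahead of a stronger one, that the weak sets below are the ones you care about, and that key preferences are read non-interactively from the output of `gpg --export KEYID | gpg --list-packets`.

```python
import re

# Assumption for this example: which algorithms count as weak (RFC 4880 names).
WEAK = {"cipher": {"IDEA", "3DES", "CAST5", "BLOWFISH"},
        "digest": {"MD5", "SHA1", "RIPEMD160"}}
# RFC 4880 algorithm IDs, as printed in the preference subpackets.
IDS = {"cipher": {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH",
                  7: "AES", 8: "AES192", 9: "AES256", 10: "TWOFISH"},
       "digest": {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
                  9: "SHA384", 10: "SHA512", 11: "SHA224"}}
CONF_OPTS = {"personal-cipher-preferences": "cipher",
             "personal-digest-preferences": "digest"}
PKT_RE = re.compile(r"pref-(sym|hash)-algos: ([\d ]+)\)")

# Constructed samples, not taken from any real configuration or key.
SAMPLE_CONF = "personal-cipher-preferences CAST5 AES256 AES\n"
SAMPLE_PACKETS = "\thashed subpkt 21 len 3 (pref-hash-algos: 2 8 10)\n"

def misordered(kind, algos):
    """Return weak algorithms that are ranked ahead of a stronger one."""
    bad = []
    for i, name in enumerate(algos):
        stronger_later = any(a not in WEAK[kind] for a in algos[i + 1:])
        if name in WEAK[kind] and stronger_later:
            bad.append(name)
    return bad

def check_conf(text):
    """Check gpg.conf text; report unset or badly ordered preference lists."""
    seen, findings = set(), []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] in CONF_OPTS:
            kind = CONF_OPTS[parts[0]]
            seen.add(parts[0])
            for name in misordered(kind, [p.upper() for p in parts[1:]]):
                findings.append(f"{parts[0]}: {name} ranked above a stronger algorithm")
    findings += [f"{opt}: not set" for opt in CONF_OPTS if opt not in seen]
    return findings

def check_key(list_packets_output):
    """Check the preference subpackets printed by `gpg --list-packets`."""
    findings = []
    for tag, ids in PKT_RE.findall(list_packets_output):
        kind = "cipher" if tag == "sym" else "digest"
        names = [IDS[kind].get(int(n), f"ID{n}") for n in ids.split()]
        for name in misordered(kind, names):
            findings.append(f"pref-{tag}-algos: {name} ranked above a stronger algorithm")
    return findings
```

A weak algorithm in last place is not flagged, since OpenPGP implicitly keeps 3DES and SHA1 as fallbacks at the end of the lists.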