eeva/home-manager
1
0
Fork 0
mirror of https://github.com/nix-community/home-manager synced 2024-11-23 03:29:45 +01:00
Code Issues Releases Wiki Activity

gpg: sane default for throw-keyids option

Browse source 
The [throw-keyids](https://www.gnupg.org/gph/en/manual/r2110.html)
option "hides the receiver of the encrypted data as a countermeasure
against traffic analysis." However, it also slows down decryption, and
even breaks some applications; see e.g.
https://github.com/open-keychain/open-keychain/issues/626

I think the sane default would be to leave it off, just as it is off
by default in gpg. The typical user will probably not need this level
of security, and will probably prefer a better user experience (faster
decryption and compatibility with a wider range of applications).

Closes #838
This commit is contained in:
Bjarki Ágúst Guðmundsson 2019-09-08 17:06:14 +00:00 committed by Robert Helgesson
parent d3e316eec5
commit 41f918499b
No known key found for this signature in database
GPG key ID: 36BDAA14C2797E89
2 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
modules/programs/gpg.nix
View file

@ -51,7 +51,6 @@ in {
with-fingerprint = mkDefault true;
require-cross-certification = mkDefault true;
no-symkey-cache = mkDefault true;
throw-keyids = mkDefault true;
use-agent = mkDefault true;
};

1
tests/modules/programs/gpg/override-defaults.nix
View file

@ -10,6 +10,7 @@ with lib;
settings = {
no-comments = false;
s2k-cipher-algo = "AES128";
throw-keyids = true;
};
};