mirror of
https://github.com/nix-community/home-manager
synced 2024-11-27 05:29:46 +01:00
gpg: sane default for throw-keyids option
The [throw-keyids](https://www.gnupg.org/gph/en/manual/r2110.html) option "hides the receiver of the encrypted data as a countermeasure against traffic analysis." However, it also slows down decryption, and even breaks some applications; see e.g. https://github.com/open-keychain/open-keychain/issues/626 I think the sane default would be to leave it off, just as it is off by default in gpg. The typical user will probably not need this level of security, and will probably prefer a better user experience (faster decryption and compatibility with a wider range of applications). Closes #838
This commit is contained in:
parent
d3e316eec5
commit
41f918499b
2 changed files with 1 additions and 1 deletions
|
@ -51,7 +51,6 @@ in {
|
||||||
with-fingerprint = mkDefault true;
|
with-fingerprint = mkDefault true;
|
||||||
require-cross-certification = mkDefault true;
|
require-cross-certification = mkDefault true;
|
||||||
no-symkey-cache = mkDefault true;
|
no-symkey-cache = mkDefault true;
|
||||||
throw-keyids = mkDefault true;
|
|
||||||
use-agent = mkDefault true;
|
use-agent = mkDefault true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ with lib;
|
||||||
settings = {
|
settings = {
|
||||||
no-comments = false;
|
no-comments = false;
|
||||||
s2k-cipher-algo = "AES128";
|
s2k-cipher-algo = "AES128";
|
||||||
|
throw-keyids = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue