2 files changed, 23 insertions, 4 deletions

diff --git a/.gnupg/gpg-agent.conf b/.gnupg/gpg-agent.conf
index f584310..2f64efe 100644
--- a/.gnupg/gpg-agent.conf
+++ b/.gnupg/gpg-agent.conf
@@ -1,4 +1,4 @@
-pinentry-program /usr/bin/pinentry
-no-grab
-default-cache-ttl 1800
+default-cache-ttl 600
+max-cache-ttl 7200
 enable-ssh-support
+#write-env-file ~/.gpg-agent-info
diff --git a/.gnupg/gpg.conf b/.gnupg/gpg.conf
index c025172..582d14b 100644
--- a/.gnupg/gpg.conf
+++ b/.gnupg/gpg.conf
@@ -1,12 +1,31 @@
-use-agent
+# Assume that command line arguments are given as UTF8 strings.
 utf8-strings
+
+# when outputting certificates, view user IDs distinctly from keys:
 fixed-list-mode
+
+# long keyids are more collision-resistant than short keyids (it's trivial to make a key
+# with any desired short keyid)
+# NOTE: this breaks kmail gnupg support!
 keyid-format 0xlong
+
+# when multiple digests are supported by all recipients, choose the strongest one:
 personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+
+# preferences chosen for new keys should prioritize stronger algorithms:
 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
+
+# You should always know at a glance which User IDs GPG thinks are legitimately bound to
+# the keys in the keyring:
 verify-options show-uid-validity
 list-options show-uid-validity
+
+# include an unambiguous indicator of which key made a signature:
+# (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
+# (and http://www.ietf.org/mail-archive/web/openpgp/current/msg00405.html)
 sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g
+
+# when making an OpenPGP certification, use a stronger digest than the default SHA1:
 cert-digest-algo SHA512
 s2k-cipher-algo AES256
 s2k-digest-algo SHA512