dotfiles

.gitconfig

[user]
	name = Jeffry Angtoni
	email = jeffryangtoni24@gmail.com
	# Add GPG signing key later, use exclamation mark for subkey.
#	signingKey = 4BB6D45482678BE3!
[core]
	editor = vim
	# Use true for windows, and input for linux/mac os.
	autocrlf = true
[color]
	ui = auto
[diff]
	submodule = log
[status]
	submodulesummary = 1
[grep]
	extendedRegexp = true
	lineNumber = true
[log]
	abbrevCommit = true
[push]
	recurseSubmodules = on-demand
[fetch]
	recurseSubmodules = on-demand
# Set this config later after gpg key has been created.
#[commit]
#	gpgSign = true
[alias]
	aliases = config --get-regexp '^alias\\.'
	push-with-lease = push --force-with-lease
	reword = commit --amend
	sinit = submodule update --init --recursive
	supdatem = submodule update --remote --merge
	supdater = submodule update --remote --rebase

dirmngr.conf

# ╔═══════════════════════════════════════════════════════════════════════════╗
# ║ dirmngr configuration (~/.gnupg/dirmngr.conf)                             ║
# ║                                                                           ║
# ║ Since GnuPG 2.1 dirmngr takes care of OpenPGP keyservers.                 ║
# ║ Save this file as ~/.gnupg/dirmngr.conf, or somewhere else and specify    ║
# ║ its location with the '--options <file>' option.                          ║
# ╚═══════════════════════════════════════════════════════════════════════════╝


# This is the server to communicate with in order to receive keys (--recv-keys)
# from, send keys (--send-keys) to, and search for keys (--search-keys)
keyserver hkps://keys.openpgp.org

gpg-agent.conf

# ╔═══════════════════════════════════════════════════════════════════════════╗
# ║ gpg-agent configuration (~/.gnupg/gpg-agent.conf)                         ║
# ║                                                                           ║
# ║ Note:                                                                     ║
# ║ After changing the configuration, reload the agent:                       ║
# ║   $ gpg-connect-agent reloadagent /bye                                    ║
# ╚═══════════════════════════════════════════════════════════════════════════╝


# Time a cache entry is valid (in seconds) default: 600 (10 minutes)
# Each time a cache entry is accessed, the entry's timer is reset
default-cache-ttl 600

# Select PIN entry program (qt, curses, gnome3,...)
# On Gentoo Linux: see also 'eselect pinentry list'
#pinentry-program /usr/bin/pinentry-tty
pinentry-program /usr/bin/pinentry-curses
#pinentry-program /usr/bin/pinentry-gnome3

# Allow clients to use the loopback pinentry features.
allow-loopback-pinentry

# Use GnuPG agent for SSH keys (instead of ssh-agent)
# Note: Make sure that gpg-agent is always started with login.
#
# This can be done by adding the following to ~/.bashrc:
#   # Start gpg-agent if not already running
#   if ! pgrep -x -u "${USER}" gpg-agent &> /dev/null; then
#        gpg-connect-agent /bye &> /dev/null
#   fi
#
# Additionally add:
#   # Set SSH to use gpg-agent (see 'man gpg-agent', section EXAMPLES)
#   unset SSH_AGENT_PID
#   if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
#       # export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
#       export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
#   fi
#
#   # Set GPG TTY as stated in 'man gpg-agent'
#   export GPG_TTY=$(tty)
#
#   # Refresh gpg-agent tty in case user switches into an X session
#   gpg-connect-agent updatestartuptty /bye > /dev/null
#
# For more details, see https://wiki.archlinux.org/title/GnuPG#SSH_agent
enable-ssh-support

gpg.conf

# ╔═══════════════════════════════════════════════════════════════════════════╗
# ║ gpg configuration (~/.gnupg/gpg.conf)                                     ║
# ║                                                                           ║
# ║ This options file can contain any long options which are available in     ║
# ║ GnuPG. See gpg(1) for a full list of options.                             ║
# ║                                                                           ║
# ║ Also useful: https://riseup.net/en/gpg-best-practices                     ║
# ║                                                                           ║
# ║ Note: Since GnuPG 2.1 some keyserver options have been moved to dirmngr   ║
# ╚═══════════════════════════════════════════════════════════════════════════╝


# ┌───────────────────────────────────────────────────────────────────────────┐
# │ Default key and recipient                                                 │
# └───────────────────────────────────────────────────────────────────────────┘

# If you have more than one secret key in your keyring, you may want to
# uncomment the following option and set your preferred keyid.
#default-key [key_with_flag_S]

# If you do not pass a recipient to gpg, it will ask for one. Using this option
# you can encrypt to a default key. Key validation will not be done in this
# case. The second form uses the default key as default recipient.
#default-recipient [key_with_flag_E]
#default-recipient-self


# ┌───────────────────────────────────────────────────────────────────────────┐
# │ Behavior                                                                  │
# └───────────────────────────────────────────────────────────────────────────┘

# Get rid of the copyright notice
no-greeting

# Disable comment string in clear text signatures and ASCII armored messages
no-comments

# Disable inclusion of the version string in ASCII armored output
no-emit-version

# Select how to display key IDs: none|short|long|0xshort|0xlong
keyid-format 0xlong

# List keys with their fingerprints
with-fingerprint

# If a fingerprint is printed for the primary key, this option forces printing of the fingerprint for all subkeys.
with-subkey-fingerprint

# Display the calculated validity of the user IDs during key listings
list-options show-uid-validity
verify-options show-uid-validity

# Turn "From" into "> From", in order to play nice with UNIX mailboxes.
escape-from-lines

# When verifying a signature made from a subkey, require that the
# cross-certification "back signature" on the subkey is present and valid.
require-cross-certification

# Use GnuPG Agent (gpg-agent) for secret key management.
use-agent

# Disable the passphrase cache used for symmetrical en- and decryption.
no-symkey-cache

# Do not automatically locate and retrieve keys as needed.
no-auto-key-locate

# Disable the automatic retrieving of keys from a keyserver when verifying signatures made by keys that are not on the local keyring.
no-auto-key-retrieve

# Do not put the recipient key IDs into encrypted messages.
# This helps to hide the receivers of the message and is a limited countermeasure against traffic analysis.
throw-keyids

# ┌───────────────────────────────────────────────────────────────────────────┐
# │ Algorithms and ciphers                                                    │
# └───────────────────────────────────────────────────────────────────────────┘

# List of personal digest preferences. When multiple digest are supported by
# all recipients, choose the strongest one
personal-digest-preferences SHA512 SHA384 SHA256 SHA224

# List of personal cipher preferences. When multiple ciphers are supported by
# all recipients, choose the strongest one
personal-cipher-preferences AES256 AES192 AES CAMELLIA256 CAMELLIA192 CAMELLIA128

# List of personal compress preferences. When multiple compression are supported by
# all recipients, choose the optimized one
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed

# Preference list used for new keys. It becomes the default for "setpref" in the
# edit menu
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAMELLIA256 CAMELLIA192 CAMELLIA128 ZLIB BZIP2 ZIP Uncompressed

# Message digest algorithm used when signing a key
cert-digest-algo SHA512

# Never allow the use of name as cipher algorithm.
# The given name will not be checked so that a later loaded algorithm will still get disabled.
disable-cipher-algo 3DES

# Treat the specified digest algorithm as weak.
# Signatures made over weak digests algorithms are normally rejected.
weak-digest SHA1

# S2K Mode: Use a specified algorithm as the symmetric cipher for encrypting private keys.
s2k-cipher-algo AES256

# S2K Mode: Set the message digest algorithm for mangling passphrases protecting private keys.
s2k-digest-algo SHA512

# S2K Mode: Sets how passphrases are mangled.
# 0: Simple (hash applied one time to password)
# 1: Salted (hash applied one time to password+8 byte salt)
# 3: Iterated and salted (hash applied chosen number of times to password+8 byte salt)
s2k-mode 3

# S2K Mode: Sets number of rounds this hash function will be applied.
# It supports from 1024 to 65011712.
s2k-count 65011712

# ┌───────────────────────────────────────────────────────────────────────────┐
# │ Key servers                                                               │
# └───────────────────────────────────────────────────────────────────────────┘

# When using --refresh-keys, if the key in question has a preferred keyserver
# URL, then disable use of that preferred keyserver to refresh the key from
keyserver-options no-honor-keyserver-url

# When searching for a key with --search-keys, include keys that are marked on
# the keyserver as revoked
keyserver-options include-revoked

gpg.sh

#!/usr/bin/sh

# ╔═══════════════════════════════════════════════════════════════════════════╗
# ║ GnuPG configuration                                                       ║
# ║ Use GnuPG's gpg-agent(1) for SSH keys instead of ssh-agent(1)             ║
# ║                                                                           ║
# ║ This file needs to be sources by ~/.bashrc (or similar) if gpg-agent is   ║
# ║ used instead of ssh-agent for SSH keys.                                   ║
# ║                                                                           ║
# ║ If this is not the case, adding "export GPG_TTY=$(tty)" to ~/.bashrc is   ║
# ║ enough.                                                                   ║
# ╚═══════════════════════════════════════════════════════════════════════════╝

# Notes:
#
# - There seems to be a bug when gpg(1) is used for the first time to
#   generate a key while the gpg-agent daemon is already running, for example,
#   because this script launched the agent. Therefore, before the very first key
#   is generated make sure that gpg-agent is not running, or the following error
#   shows up:
#
#       gpg: agent_genkey failed: No such file or directory
#
# - All GnuPG tools start the gpg-agent as needed. This is not possible for the
#   SSH support because SSH doesn't know about it. Thus, if no GnuPG tool which
#   accesses the agent has been run, SSH won't be able to use gpg-agent for
#   authentication. So, we have to make sure that gpg-agent is always started
#   with login.
#   Once gpg-agent is running use ssh-add to approve keys, following the same
#   steps as for ssh-agent. The list of approved keys is stored in the
#   ~/.gnupg/sshcontrol file. Once a key is approved, a pinentry dialog pops up
#   every time a passphrase is needed.


# Start gpg-agent if not already running
if ! pgrep -x -u "${USER}" gpg-agent &> /dev/null; then
  gpg-connect-agent /bye &> /dev/null
fi


# Set SSH to use gpg-agent [see gpg-agent(1), section EXAMPLES]. The test is
# needed if the agent is started as 'gpg-agent --daemon /bin/sh', in which case
# the shell inherits SSH_AUTH_SOCK from the parent, gpg-agent.
unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
  export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi

# Always set GPG_TTY
export GPG_TTY=$(tty)

# Refresh gpg-agent TTY in case user switches into an X session. If the user
# needs to be prompted for a passphrase, which is necessary for decrypting the
# stored key, the ssh-agent protocol does not contain a mechanism for telling
# the agent on which display/terminal it is running. gpg-agent's ssh-support
# will therefore use the TTY or X display where gpg-agent has been started. To
# switch this display to the current one, the following command may be used:
gpg-connect-agent updatestartuptty /bye > /dev/null