drduh / YubiKey-Guide

Guide to using YubiKey for GnuPG and SSH
http://drduh.github.io/YubiKey-Guide/
MIT License

Redundant "hardened" gpg.conf #266

Closed Diaoul closed 3 years ago

Diaoul commented 3 years ago

I am just starting my YubiKey journey so I really appreciate the effort you put into this project: thanks for the awesome guide!

I've been curious about this hardened configuration of gpg.conf in the guide and found out that a lot of those options are already default for the most part or would result in bugs or actually poorer security. The GnuPG FAQ states:

8.1 Does GnuPG need to be ‘tuned’ before use? No. GnuPG has sensible defaults right out of the box. You don’t need to tune GnuPG before you can use it.

#228 is already about simplifying gpg.conf but I think even more can be done.

On Arch Linux with GPG:

$ export GNUPGHOME=$(mktemp -d)
$ gpg --version
gpg (GnuPG) 2.2.28
libgcrypt 1.9.3-unknown
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /tmp/tmp.g0ZLGEZtKi
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Here are the defaults I have:

$ gpg --batch --no-tty --quiet --pinentry-mode loopback --passphrase '' --quick-gen-key 'bananas'
$ gpg --export bananas | pgpdump | awk '/Sub: /{ k = 0 }; /^[[:space:]]*Hashed Sub: preferred/{ k = 1 }; { if (k) { print $0 }; };'
    Hashed Sub: preferred symmetric algorithms(sub 11)(4 bytes)
        Sym alg - AES with 256-bit key(sym 9)
        Sym alg - AES with 192-bit key(sym 8)
        Sym alg - AES with 128-bit key(sym 7)
        Sym alg - Triple-DES(sym 2)
    Hashed Sub: preferred hash algorithms(sub 21)(5 bytes)
        Hash alg - SHA512(hash 10)
        Hash alg - SHA384(hash 9)
        Hash alg - SHA256(hash 8)
        Hash alg - SHA224(hash 11)
        Hash alg - SHA1(hash 2)
    Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
        Comp alg - ZLIB <RFC1950>(comp 2)
        Comp alg - BZip2(comp 3)
        Comp alg - ZIP <RFC1951>(comp 1)

The s2k seem to be an improvement over defaults; however, this is only true when doing --symmetric operations, it seems:

$ echo bananas | gpg --symmetric | pgpdump
Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
    New version(4)
    Sym alg - AES with 128-bit key(sym 7)
    Iterated and salted string-to-key(s2k 3):
        Hash alg - SHA1(hash 2)
        Salt - b5 3a 9f 04 48 97 f7 97
        Count - 65011712(coded count 255)
New: Symmetrically Encrypted and MDC Packet(tag 18)(60 bytes)
    Ver 1
    Encrypted data [sym alg is specified in sym-key encrypted session key]
        (plain text + MDC SHA1(20 bytes))

As for the other options of the list, here are my comments inline:

charset utf-8  # not found in manpage
fixed-list-mode  # default, always used and deprecated since 2.0.10
no-comments  # default
no-emit-version  # default
keyid-format 0xlong  # fingerprint seems to be preferable: https://security.stackexchange.com/questions/84280/short-openpgp-key-ids-are-insecure-how-to-configure-gnupg-to-use-long-key-ids-i
with-fingerprint  # see above
list-options show-uid-validity  # default
verify-options show-uid-validity  # default
require-cross-certification  # default
no-symkey-cache  # not sure this is actual hardening
use-agent  # dummy option
throw-keyids  # see issue mentioned before

Surely those options were useful at some point but it seems gpg has since caught up and most of them are not needed anymore. Debian buster is using gpg 2.2.12 so it may be not far behind if not the same as my current version.

I am by no means a security expert but I think the guide would gain clarity if gpg.conf could be simplified and option benefits outlined. What do you think?
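Added example, not part of the original thread or of the guide: a small Python parser for the Symmetric-Key Encrypted Session Key packet shown in the pgpdump output above, which decodes the coded S2K count and reports which fields differ from the expected s2k settings. The sample bytes are constructed from that pgpdump output, and the AES256/SHA512 expectations are an assumption about what the s2k-cipher-algo and s2k-digest-algo options would be set to.

```python
# Constructed sample: old-format tag 3 header (0x8c), one-octet length (0x0d)
# and the 13 body bytes that pgpdump printed in the comment above.
SAMPLE_SKESK = bytes.fromhex("8c0d04070302b53a9f044897f797ff")

# Algorithm IDs as pgpdump prints them (RFC 4880 sections 9.2 and 9.4).
SYM = {2: "3DES", 7: "AES128", 8: "AES192", 9: "AES256"}
HASH = {2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}


def decode_s2k_count(coded: int) -> int:
    """Expand the one-octet coded count (RFC 4880 section 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def parse_skesk(packet: bytes) -> dict:
    """Parse a version 4 SKESK packet with an old-format one-octet length."""
    if len(packet) < 2:
        raise ValueError("truncated header")
    header, length = packet[0], packet[1]
    if header & 0xC0 != 0x80 or (header >> 2) & 0x0F != 3 or header & 3 != 0:
        raise ValueError("not an old-format tag 3 packet with one-octet length")
    body = packet[2:2 + length]
    if len(body) != length or length < 4:
        raise ValueError("truncated body")
    version, sym, s2k_type, hash_id = body[:4]
    if version != 4:
        raise ValueError(f"unsupported SKESK version {version}")
    info = {"cipher": SYM.get(sym, f"sym {sym}"), "s2k_type": s2k_type,
            "hash": HASH.get(hash_id, f"hash {hash_id}")}
    if s2k_type in (1, 3):  # salted, or iterated and salted
        need = 13 if s2k_type == 3 else 12
        if length < need:
            raise ValueError("truncated S2K specifier")
        info["salt"] = body[4:12].hex()
        if s2k_type == 3:
            info["count"] = decode_s2k_count(body[12])
    return info


def s2k_mismatches(info: dict, cipher: str = "AES256", digest: str = "SHA512") -> list:
    """List fields that differ from the expected s2k-cipher-algo / s2k-digest-algo.
    The AES256/SHA512 defaults are an assumption, not values quoted on this page."""
    found = {"cipher": info["cipher"], "hash": info["hash"]}
    wanted = {"cipher": cipher, "hash": digest}
    return [f"{k}: {found[k]} (expected {wanted[k]})" for k in found if found[k] != wanted[k]]


if __name__ == "__main__":
    parsed = parse_skesk(SAMPLE_SKESK)
    print(parsed)
    print(s2k_mismatches(parsed))
```

The decoded count for coded value 255 matches the 65011712 that pgpdump reports, which is a quick check that the parser and the tool agree on the packet layout.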

drduh commented 3 years ago

Readers are encouraged to modify their gpg configuration as they see fit. This one is redundant on purpose for verbosity and compatibility. Please reopen if there's a security issue with it as is.