gpg has some preset default settings, which I assume were selected as a compromise between speed and security. I understand that these are good enough for most people.
But, in a situation where speed / performance was not an issue, what defaults could be changed, to make gpg use stronger parameters, and use even stronger encryption ?
For example, I have read discussions about the s2k-count default value being not sufficient. I really don't care if my gpg operation takes 50 milliseconds or 200 milliseconds. I would rather err on the side of safety, even if it is overkill.
Specifically, I would like to use the strongest possible values for:
- password hashing iterations
- size of asymetric key
- algorithm for symetric key
What else could be changed from default values, to make gpg more secure ?
I am using gpg (GnuPG) 2.2.12 on Debian Buster.