# Home Manager module: installs the GnuPG tooling, runs gpg-agent (also acting
# as the SSH agent) and writes ~/.gnupg/gpg.conf with explicit algorithm
# preferences.
{ pkgs, ... }@all:
with all;
let
  # gpg-agent cache TTLs are given in seconds; this lets them be written in minutes.
  minutes = n: n * 60;
in
{
  # there also is a system module
  home = {
    packages = [
      pkgs.gnupg
      pkgs.gpg-tui
      pkgs.pinentry-all
    ];

    # gpg.conf, emitted verbatim. Summary of what the options below do:
    #  - personal-*-preferences / default-preference-list: prefer AES256 and
    #    SHA512 first, both for what this user selects and for what new keys
    #    advertise.
    #  - cert-digest-algo / s2k-*: SHA512 for key signatures, SHA512 + AES256
    #    for passphrase-protected (string-to-key) material.
    #  - no-comments / no-emit-version: keep comment and version lines out of
    #    armored output.
    #  - keyid-format 0xlong, show-uid-validity, with-fingerprint: long key IDs,
    #    UID validity and fingerprints in listings and verification output.
    #  - no-symkey-cache: do not cache passphrases of symmetric operations.
    #  - use-agent: obsolete no-op in GnuPG 2.x (the agent is always used).
    #  - pinentry-mode loopback: gpg collects the passphrase itself and passes
    #    it to the agent, instead of the agent starting the pinentry program.
    #    NOTE(review): with this set globally, the pinentry configured under
    #    services.gpg-agent is only reached by requests that do not go through
    #    gpg (presumably SSH key use via the agent) - confirm this is intended.
    file.".gnupg/gpg.conf".text = ''
      personal-cipher-preferences AES256 AES192 AES
      personal-digest-preferences SHA512 SHA384 SHA256
      personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
      default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
      cert-digest-algo SHA512
      s2k-digest-algo SHA512
      s2k-cipher-algo AES256
      charset utf-8
      no-comments
      no-emit-version
      no-greeting
      keyid-format 0xlong
      list-options show-uid-validity
      verify-options show-uid-validity
      with-fingerprint
      require-cross-certification
      no-symkey-cache
      armor
      use-agent
      pinentry-mode loopback
    '';
  };

  services.gpg-agent = {
    enable = true;
    verbose = true;

    # SSH agent emulation: the keys listed in sshKeys are offered to SSH clients.
    enableSshSupport = true;
    enableFishIntegration = true;
    sshKeys = [
      "97081264F7FD72D890D496E839AA9A4C7892A7D8" # Keygrip (not Fingerprint!) of [A] Subkey
    ];

    # Unlocked keys stay cached for 60 min (SSH use) and 30 min (everything
    # else) after last use. While cached, any process running as this user that
    # can reach the agent socket can use the key without a prompt.
    # maxCacheTtl / maxCacheTtlSsh are not set here, so the agent's built-in
    # upper bounds apply.
    defaultCacheTtlSsh = minutes 60;
    defaultCacheTtl = minutes 30;

    # NOTE(review): home.packages installs pinentry-all while the agent is
    # pointed at pkgs.pinentry - confirm the two are meant to differ.
    pinentry.package = pkgs.pinentry;
    pinentry.program = "pinentry";

    # Agent-side permission for the `pinentry-mode loopback` line in gpg.conf.
    extraConfig = ''
      allow-loopback-pinentry
    '';
  };
}