{ pkgs, pkgsUnstable, ... }:

let
  # Wrapper that gpg-agent launches instead of pinentry-bemenu directly.
  # The agent starts pinentry with a sparse environment, so coreutils and
  # bemenu are added to PATH here. They are appended, not prepended, so any
  # bemenu/coreutils already on PATH keeps precedence.
  pinentryWrapper = pkgs.writeShellApplication {
    name = "pinentry-bemenu-with-env";
    text = ''
      PATH="$PATH:${pkgs.coreutils}/bin:${pkgs.bemenu}/bin" "${pkgs.pinentry-bemenu}/bin/pinentry-bemenu" "$@"
    '';
  };
in
{
  # TODO: environment variables for the agent.
  programs.gpg = {
    enable = true;
    # gnupg is taken from the unstable package set rather than the stable one.
    package = pkgsUnstable.gnupg;

    # Written to gpg.conf.
    settings = {
      "use-agent" = true;

      # Trust-on-first-use: a key is bound to the user ID it was first seen
      # with, and a later conflicting key for the same ID is flagged instead
      # of being accepted silently.
      "trust-model" = "tofu";

      # Keep version and comment headers out of armored output.
      "no-emit-version" = true;
      "no-comments" = true;

      # Attach the signing key's fingerprint (%g) as a signature notation so
      # verifiers can locate the issuer without guessing from the key ID.
      "sig-notation" = "issuer-fpr@notations.openpgp.fifthhorseman.net=%g";

      "keyserver" = "hkps://keys.openpgp.org";
      # auto-key-retrieve: missing keys are fetched from the keyserver during
      # signature verification, so verifying can cause network traffic.
      # no-honor-keyserver-url: the keyserver URL embedded in a key is
      # ignored; only the keyserver configured above is ever contacted.
      "keyserver-options" = "auto-key-retrieve no-honor-keyserver-url";

      # Algorithm preferences, strongest first.
      "personal-cipher-preferences" = "AES256 AES192 AES CAST5";
      "cert-digest-algo" = "SHA512";
      "personal-digest-preferences" = "SHA512 SHA384 SHA256 SHA224";
      "default-preference-list" = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";

      # Output/listing format: long 0x-prefixed key IDs, fingerprints always
      # shown, UID validity shown when listing and verifying.
      "display-charset" = "utf-8";
      "fixed-list-mode" = true;
      "with-fingerprint" = true;
      "keyid-format" = "0xlong";
      "verify-options" = "show-uid-validity";
      "list-options" = "show-uid-validity";
    };

    # Written to scdaemon.conf.
    scdaemonSettings = {
      # Skip gnupg's built-in CCID driver for smart card access.
      disable-ccid = true;
    };

    # TODO: Complete this list and maybe transfer to managed configuration?
    #publicKeys = [
    #  { source = "./fabian.hauser@qo.is.pub"; trust = 5; }
    #  { source = "./fabian.hauser@threema.ch.pub"; trust = 5; }
    #];
  };

  services.gpg-agent = {
    enable = true;
    enableScDaemon = true;
    # The agent also serves as SSH agent for the keygrips listed in sshKeys.
    enableSshSupport = true;
    # Additional restricted socket, the one meant for forwarding to remote hosts.
    enableExtraSocket = true;

    # TODO: pinentryPackage = — consider the module option in place of the
    # hand-written pinentry-program line below.
    extraConfig = ''
      pinentry-program ${pinentryWrapper}/bin/pinentry-bemenu-with-env
    '';

    # Keygrips (not key IDs) of the authentication keys exposed over SSH.
    sshKeys = [
      "99DFB0F28CF9420A2D6383139E86814A1568C81B" # 0x8193A5D218B553DD / fabian.hauser@threema.ch
      "638143D3F6421377E9D4C7F1D2EDC5AA0A860351" # 0x3E957C9C8CB5D6B2 / fabian.hauser@qo.is
    ];
  };
}