# Configuration file for gpg (~/.gnupg/gpg.conf) # # This options file can contain any long options which are available in # GnuPG. See gpg(1) for a full list of options. # # Also useful: https://riseup.net/en/gpg-best-practices # # Default key and recipient # # If you have more than one secret key in your keyring, you may want to # uncomment the following option and set your preferred keyid. # default-key C4380B57 # If you do not pass a recipient to gpg, it will ask for one. Using this option # you can encrypt to a default key. Key validation will not be done in this # case. The second form uses the default key as default recipient. # default-recipient default-recipient-self # # Behavior # # Get rid of the copyright notice no-greeting # Disable inclusion of the version string in ASCII armored output no-emit-version # Disable comment string in clear text signatures and ASCII armored messages. no-comments # Select how to display key IDs: none|short|long|0xshort|0xlong keyid-format 0xlong # List keys with their fingerprints with-fingerprint # List keys with their keygrip with-keygrip # Display the calculated validity of the user IDs during key listings list-options show-uid-validity verify-options show-uid-validity # Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to # the agent before it asks for a passphrase. use-agent # Because some mailers change lines starting with "From " to ">From " it is good # to handle such lines in a special way when creating cleartext signatures; all # other PGP versions do it this way too. To enable full OpenPGP compliance you # may want to use this option. # no-escape-from-lines # # Algorithms and ciphers # # When verifying a signature made from a subkey, ensure that the cross # certification "back signature" on the subkey is present and valid. This # protects against a subtle attack against subkeys that can sign. require-cross-certification # List of personal digest preferences. When multiple digest are supported by # all recipients, choose the strongest one personal-digest-preferences SHA512 SHA384 SHA256 SHA224 # Message digest algorithm used when signing a key cert-digest-algo SHA512 # List of personal cipher preferences. When multiple ciphers are supported by # all recipients, choose the strongest one personal-cipher-preferences AES256 AES192 AES TWOFISH CAMELLIA256 3DES # Preference list used for new keys. It becomes the default for "setpref" in the # edit menu default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed # # Key servers # # The following two options are moved to dirmngr.conf since GnuPG 2.1, check # 'man dirmngr' for more details # keyserver hkps://hkps.pool.sks-keyservers.net # keyserver-options ca-cert-file=~/.gnupg/hkps.pool.sks-keyservers.net.pem keyserver hkps://keys.openpgp.org # Set the proxy to use for HTTP and HKP keyservers - default to the standard # local Tor socks proxy # It is encouraged to use Tor for improved anonymity. Preferrably use either a # dedicated SOCKSPort for GnuPG and/or enable IsolateDestPort and # IsolateDestAddr # keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050 # Don't leak DNS, see https://trac.torproject.org/projects/tor/ticket/2846 # keyserver-options no-try-dns-srv # When using --refresh-keys, if the key in question has a preferred keyserver # URL, then disable use of that preferred keyserver to refresh the key from keyserver-options no-honor-keyserver-url # When searching for a key with --search-keys, include keys that are marked on # the keyserver as revoked keyserver-options include-revoked # Automatically fetch keys from key server when not on the local keyring keyserver-options auto-key-retrieve # # Miscellaneous options # # Group names may be defined like this: # group mynames = paige 0x12345678 joe patti # # Any time "mynames" is a recipient (-r or --recipient), it will be expanded to # the names "paige", "joe", and "patti", and the key ID "0x12345678". Note # there is only one level of expansion - you cannot make an group that points to # another group. Note also that if there are spaces in the recipient name, this # will appear as two recipients. In these cases it is better to use the key ID. # group mynames = paige 0x12345678 joe patti # GnuPG can automatically locate and retrieve keys as needed using this option. # This happens when encrypting to an email address (in the "user@@example.com" # form) and there are no keys matching "user@example.com" in the local keyring. # This option takes any number mechanisms which are tried in the given order. # The default is "--auto-key-locate local" to search for keys only in the local # key database. Uncomment the next line to locate a missing key using two DNS # based mechanisms. # auto-key-locate local,pka,dane