134 lines
4.8 KiB
Text
134 lines
4.8 KiB
Text
# Configuration file for gpg (~/.gnupg/gpg.conf)
|
|
#
|
|
# This options file can contain any long options which are available in
|
|
# GnuPG. See gpg(1) for a full list of options.
|
|
#
|
|
# Also useful: https://riseup.net/en/gpg-best-practices
|
|
|
|
#
|
|
# Default key and recipient
|
|
#
|
|
|
|
# If you have more than one secret key in your keyring, you may want to
|
|
# uncomment the following option and set your preferred keyid.
|
|
# default-key C4380B57
|
|
|
|
# If you do not pass a recipient to gpg, it will ask for one. Using this option
|
|
# you can encrypt to a default key. Key validation will not be done in this
|
|
# case. The second form uses the default key as default recipient.
|
|
# default-recipient <user-id>
|
|
default-recipient-self
|
|
|
|
#
|
|
# Behavior
|
|
#
|
|
|
|
# Get rid of the copyright notice
|
|
no-greeting
|
|
|
|
# Disable inclusion of the version string in ASCII armored output
|
|
no-emit-version
|
|
|
|
# Disable comment string in clear text signatures and ASCII armored messages.
|
|
no-comments
|
|
|
|
# Select how to display key IDs: none|short|long|0xshort|0xlong
|
|
keyid-format 0xlong
|
|
|
|
# List keys with their fingerprints
|
|
with-fingerprint
|
|
|
|
# List keys with their keygrip
|
|
with-keygrip
|
|
|
|
# Display the calculated validity of the user IDs during key listings
|
|
list-options show-uid-validity
|
|
verify-options show-uid-validity
|
|
|
|
# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to
|
|
# the agent before it asks for a passphrase.
|
|
use-agent
|
|
|
|
# Because some mailers change lines starting with "From " to ">From " it is good
|
|
# to handle such lines in a special way when creating cleartext signatures; all
|
|
# other PGP versions do it this way too. To enable full OpenPGP compliance you
|
|
# may want to use this option.
|
|
# no-escape-from-lines
|
|
|
|
#
|
|
# Algorithms and ciphers
|
|
#
|
|
|
|
# When verifying a signature made from a subkey, ensure that the cross
|
|
# certification "back signature" on the subkey is present and valid. This
|
|
# protects against a subtle attack against subkeys that can sign.
|
|
require-cross-certification
|
|
|
|
# List of personal digest preferences. When multiple digest are supported by
|
|
# all recipients, choose the strongest one
|
|
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
|
|
|
|
# Message digest algorithm used when signing a key
|
|
cert-digest-algo SHA512
|
|
|
|
# List of personal cipher preferences. When multiple ciphers are supported by
|
|
# all recipients, choose the strongest one
|
|
personal-cipher-preferences AES256 AES192 AES TWOFISH CAMELLIA256 3DES
|
|
|
|
# Preference list used for new keys. It becomes the default for "setpref" in the
|
|
# edit menu
|
|
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
|
|
|
|
#
|
|
# Key servers
|
|
#
|
|
|
|
# The following two options are moved to dirmngr.conf since GnuPG 2.1, check
|
|
# 'man dirmngr' for more details
|
|
# keyserver hkps://hkps.pool.sks-keyservers.net
|
|
# keyserver-options ca-cert-file=~/.gnupg/hkps.pool.sks-keyservers.net.pem
|
|
keyserver hkps://keys.openpgp.org
|
|
|
|
# Set the proxy to use for HTTP and HKP keyservers - default to the standard
|
|
# local Tor socks proxy
|
|
# It is encouraged to use Tor for improved anonymity. Preferrably use either a
|
|
# dedicated SOCKSPort for GnuPG and/or enable IsolateDestPort and
|
|
# IsolateDestAddr
|
|
# keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
|
|
|
|
# Don't leak DNS, see https://trac.torproject.org/projects/tor/ticket/2846
|
|
# keyserver-options no-try-dns-srv
|
|
|
|
# When using --refresh-keys, if the key in question has a preferred keyserver
|
|
# URL, then disable use of that preferred keyserver to refresh the key from
|
|
keyserver-options no-honor-keyserver-url
|
|
|
|
# When searching for a key with --search-keys, include keys that are marked on
|
|
# the keyserver as revoked
|
|
keyserver-options include-revoked
|
|
|
|
# Automatically fetch keys from key server when not on the local keyring
|
|
keyserver-options auto-key-retrieve
|
|
|
|
#
|
|
# Miscellaneous options
|
|
#
|
|
|
|
# Group names may be defined like this:
|
|
# group mynames = paige 0x12345678 joe patti
|
|
#
|
|
# Any time "mynames" is a recipient (-r or --recipient), it will be expanded to
|
|
# the names "paige", "joe", and "patti", and the key ID "0x12345678". Note
|
|
# there is only one level of expansion - you cannot make an group that points to
|
|
# another group. Note also that if there are spaces in the recipient name, this
|
|
# will appear as two recipients. In these cases it is better to use the key ID.
|
|
# group mynames = paige 0x12345678 joe patti
|
|
|
|
# GnuPG can automatically locate and retrieve keys as needed using this option.
|
|
# This happens when encrypting to an email address (in the "user@@example.com"
|
|
# form) and there are no keys matching "user@example.com" in the local keyring.
|
|
# This option takes any number mechanisms which are tried in the given order.
|
|
# The default is "--auto-key-locate local" to search for keys only in the local
|
|
# key database. Uncomment the next line to locate a missing key using two DNS
|
|
# based mechanisms.
|
|
# auto-key-locate local,pka,dane
|