|
| 1 | + |
| 2 | + |
| 3 | +# Uncomment the following option to get rid of the copyright notice |
| 4 | + |
| 5 | +no-greeting |
| 6 | + |
| 7 | +# If you have more than 1 secret key in your keyring, you may want to |
| 8 | +# uncomment the following option and set your preferred keyid. |
| 9 | + |
| 10 | +#default-key |
| 11 | + |
| 12 | + |
| 13 | +# If you do not pass a recipient to gpg, it will ask for one. Using |
| 14 | +# this option you can encrypt to a default key. Key validation will |
| 15 | +# not be done in this case. The second form uses the default key as |
| 16 | +# default recipient. |
| 17 | + |
| 18 | +#default-recipient some-user-id |
| 19 | +#default-recipient-self |
| 20 | + |
| 21 | + |
| 22 | + |
| 23 | +# By default GnuPG creates version 4 signatures for data files as |
| 24 | +# specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP |
| 25 | +# require the older version 3 signatures. Setting this option forces |
| 26 | +# GnuPG to create version 3 signatures. |
| 27 | + |
| 28 | +#force-v3-sigs |
| 29 | + |
| 30 | + |
| 31 | +# Because some mailers change lines starting with "From " to ">From " |
| 32 | +# it is good to handle such lines in a special way when creating |
| 33 | +# cleartext signatures; all other PGP versions do it this way too. |
| 34 | +# To enable full OpenPGP compliance you may want to use this option. |
| 35 | + |
| 36 | +no-escape-from-lines |
| 37 | + |
| 38 | + |
| 39 | +# When verifying a signature made from a subkey, ensure that the cross |
| 40 | +# certification "back signature" on the subkey is present and valid. |
| 41 | +# This protects against a subtle attack against subkeys that can sign. |
| 42 | +# Defaults to --no-require-cross-certification. However for new |
| 43 | +# installations it should be enabled. |
| 44 | + |
| 45 | +require-cross-certification |
| 46 | + |
| 47 | + |
| 48 | +# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell |
| 49 | +# GnuPG which is the native character set. Please check the man page |
| 50 | +# for supported character sets. This character set is only used for |
| 51 | +# metadata and not for the actual message which does not undergo any |
| 52 | +# translation. Note that future version of GnuPG will change to UTF-8 |
| 53 | +# as default character set. |
| 54 | + |
| 55 | +charset utf-8 |
| 56 | + |
| 57 | + |
| 58 | +# Group names may be defined like this: |
| 59 | +# group mynames = paige 0x12345678 joe patti |
| 60 | +# |
| 61 | +# Any time "mynames" is a recipient (-r or --recipient), it will be |
| 62 | +# expanded to the names "paige", "joe", and "patti", and the key ID |
| 63 | +# "0x12345678". Note there is only one level of expansion - you |
| 64 | +# cannot make an group that points to another group. Note also that |
| 65 | +# if there are spaces in the recipient name, this will appear as two |
| 66 | +# recipients. In these cases it is better to use the key ID. |
| 67 | + |
| 68 | +#group mynames = paige 0x12345678 joe patti |
| 69 | + |
| 70 | + |
| 71 | +# Some old Windows platforms require 8.3 filenames. If your system |
| 72 | +# can handle long filenames, uncomment this. |
| 73 | + |
| 74 | +#no-mangle-dos-filenames |
| 75 | + |
| 76 | + |
| 77 | +# Lock the file only once for the lifetime of a process. If you do |
| 78 | +# not define this, the lock will be obtained and released every time |
| 79 | +# it is needed - normally this is not needed. |
| 80 | + |
| 81 | +#lock-once |
| 82 | + |
| 83 | + |
| 84 | +# GnuPG can send and receive keys to and from a keyserver. These |
| 85 | +# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP |
| 86 | +# support). |
| 87 | +# |
| 88 | +# Example HKP keyservers: |
| 89 | +# hkp://keys.gnupg.net |
| 90 | +# |
| 91 | +# Example LDAP keyservers: |
| 92 | +# ldap://pgp.surfnet.nl:11370 |
| 93 | +# |
| 94 | +# Regular URL syntax applies, and you can set an alternate port |
| 95 | +# through the usual method: |
| 96 | +# hkp://keyserver.example.net:22742 |
| 97 | +# |
| 98 | +# If you have problems connecting to a HKP server through a buggy http |
| 99 | +# proxy, you can use keyserver option broken-http-proxy (see below), |
| 100 | +# but first you should make sure that you have read the man page |
| 101 | +# regarding proxies (keyserver option honor-http-proxy) |
| 102 | +# |
| 103 | +# Most users just set the name and type of their preferred keyserver. |
| 104 | +# Note that most servers (with the notable exception of |
| 105 | +# ldap://keyserver.pgp.com) synchronize changes with each other. Note |
| 106 | +# also that a single server name may actually point to multiple |
| 107 | +# servers via DNS round-robin. hkp://keys.gnupg.net is an example of |
| 108 | +# such a "server", which spreads the load over a number of physical |
| 109 | +# servers. To see the IP address of the server actually used, you may use |
| 110 | +# the "--keyserver-options debug". |
| 111 | + |
| 112 | +keyserver hkps://hkps.pool.sks-keyservers.net |
| 113 | + |
| 114 | + |
| 115 | +# Common options for keyserver functions: |
| 116 | +# |
| 117 | +# include-disabled = when searching, include keys marked as "disabled" |
| 118 | +# on the keyserver (not all keyservers support this). |
| 119 | +# |
| 120 | +# no-include-revoked = when searching, do not include keys marked as |
| 121 | +# "revoked" on the keyserver. |
| 122 | +# |
| 123 | +# verbose = show more information as the keys are fetched. |
| 124 | +# Can be used more than once to increase the amount |
| 125 | +# of information shown. |
| 126 | +# |
| 127 | +# use-temp-files = use temporary files instead of a pipe to talk to the |
| 128 | +# keyserver. Some platforms (Win32 for one) always |
| 129 | +# have this on. |
| 130 | +# |
| 131 | +# keep-temp-files = do not delete temporary files after using them |
| 132 | +# (really only useful for debugging) |
| 133 | +# |
| 134 | +# honor-http-proxy = if the keyserver uses HTTP, honor the http_proxy |
| 135 | +# environment variable |
| 136 | +# |
| 137 | +# broken-http-proxy = try to work around a buggy HTTP proxy |
| 138 | +# |
| 139 | +# auto-key-retrieve = automatically fetch keys as needed from the keyserver |
| 140 | +# when verifying signatures or when importing keys that |
| 141 | +# have been revoked by a revocation key that is not |
| 142 | +# present on the keyring. |
| 143 | +# |
| 144 | +# no-include-attributes = do not include attribute IDs (aka "photo IDs") |
| 145 | +# when sending keys to the keyserver. |
| 146 | + |
| 147 | +keyserver-options auto-key-retrieve |
| 148 | + |
| 149 | + |
| 150 | +# Uncomment this line to display photo user IDs in key listings and |
| 151 | +# when a signature from a key with a photo is verified. |
| 152 | + |
| 153 | +#show-photos |
| 154 | + |
| 155 | + |
| 156 | +# Use this program to display photo user IDs |
| 157 | +# |
| 158 | +# %i is expanded to a temporary file that contains the photo. |
| 159 | +# %I is the same as %i, but the file isn't deleted afterwards by GnuPG. |
| 160 | +# %k is expanded to the key ID of the key. |
| 161 | +# %K is expanded to the long OpenPGP key ID of the key. |
| 162 | +# %t is expanded to the extension of the image (e.g. "jpg"). |
| 163 | +# %T is expanded to the MIME type of the image (e.g. "image/jpeg"). |
| 164 | +# %f is expanded to the fingerprint of the key. |
| 165 | +# %% is %, of course. |
| 166 | +# |
| 167 | +# If %i or %I are not present, then the photo is supplied to the |
| 168 | +# viewer on standard input. If your platform supports it, standard |
| 169 | +# input is the best way to do this as it avoids the time and effort in |
| 170 | +# generating and then cleaning up a secure temp file. |
| 171 | +# |
| 172 | +# The default program is "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin" |
| 173 | +# On Mac OS X and Windows, the default is to use your regular JPEG image |
| 174 | +# viewer. |
| 175 | +# |
| 176 | +# Some other viewers: |
| 177 | +# photo-viewer "qiv %i" |
| 178 | +# photo-viewer "ee %i" |
| 179 | +# photo-viewer "display -title 'KeyID 0x%k'" |
| 180 | +# |
| 181 | +# This one saves a copy of the photo ID in your home directory: |
| 182 | +# photo-viewer "cat > ~/photoid-for-key-%k.%t" |
| 183 | +# |
| 184 | +# Use your MIME handler to view photos: |
| 185 | +# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" |
| 186 | + |
| 187 | + |
| 188 | + |
| 189 | +# -=-=-=-=-=-=-=-=-=-=-=-=-=- Options for GPGTools -=-=-=-=-=-=-=-=-=-=-=-=-=- |
| 190 | + |
| 191 | +# Automatic key location |
| 192 | +# |
| 193 | +# GnuPG can automatically locate and retrieve keys as needed using the |
| 194 | +# auto-key-locate option. This happens when encrypting to an email |
| 195 | +# address (in the " [email protected]" form), and there are no |
| 196 | +# [email protected] keys on the local keyring. This option takes the |
| 197 | +# following arguments, in the order they are to be tried: |
| 198 | +# |
| 199 | +# cert = locate a key using DNS CERT, as specified in RFC-4398. |
| 200 | +# GnuPG can handle both the PGP (key) and IPGP (URL + fingerprint) |
| 201 | +# CERT methods. |
| 202 | +# |
| 203 | +# pka = locate a key using DNS PKA. |
| 204 | +# |
| 205 | +# ldap = locate a key using the PGP Universal method of checking |
| 206 | +# "ldap://keys.(thedomain)". For example, encrypting to |
| 207 | +# [email protected] will check ldap://keys.example.com. |
| 208 | +# |
| 209 | +# keyserver = locate a key using whatever keyserver is defined using |
| 210 | +# the keyserver option. |
| 211 | +# |
| 212 | +# You may also list arbitrary keyservers here by URL. |
| 213 | +# |
| 214 | +# Try CERT, then PKA, then LDAP, then hkp://keys.gnupg.net: |
| 215 | +auto-key-locate keyserver |
| 216 | +auto-key-locate hkps://hkps.pool.sks-keyservers.net |
| 217 | + |
| 218 | + |
| 219 | +# Set a list of preferred hash algorythms and cyphers |
| 220 | +cert-digest-algo SHA512 |
| 221 | +default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed |
| 222 | +personal-digest-preferences SHA512 SHA384 SHA256 SHA224 |
| 223 | +emit-version |
| 224 | + |
| 225 | +# Prefer AES256 for symmetric encryptions |
| 226 | +cipher-algo AES256 |
| 227 | + |
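Review bot: `keyserver-options auto-key-retrieve` at new line 147 makes verifying a signature from an unknown key trigger a keyserver lookup, so the keyserver operator can learn when and from which address a message was checked. Unless that trade-off is intended, prefer `keyserver-options no-auto-key-retrieve`. `emit-version` at line 223 puts the GnuPG version into armored output, which is needless disclosure; `no-emit-version` is the usual hardening choice. `cipher-algo AES256` at line 226 forces the cipher regardless of the recipient key's preferences, which the GnuPG manual advises against; `personal-cipher-preferences AES256 AES192 AES` expresses the same preference within OpenPGP negotiation. The comment at line 214 ("Try CERT, then PKA, then LDAP, then hkp://keys.gnupg.net") no longer matches the two `auto-key-locate` lines under it and should be reworded to describe the keyserver-then-hkps-pool order actually configured.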