sebbu

gpg.conf

Aug 14th, 2021 (edited)
256
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
INI file 10.54 KB | None | 0 0
  1. # Options for GnuPG
  2. # Copyright 1998, 1999, 2000, 2001, 2002, 2003,
  3. #           2010 Free Software Foundation, Inc.
  4. #
  5. # This file is free software; as a special exception the author gives
  6. # unlimited permission to copy and/or distribute it, with or without
  7. # modifications, as long as this notice is preserved.
  8. #
  9. # This file is distributed in the hope that it will be useful, but
  10. # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  11. # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  12. #
  13. # Unless you specify which option file to use (with the command line
  14. # option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
  15. # by default.
  16. #
  17. # An options file can contain any long options which are available in
  18. # GnuPG. If the first non white space character of a line is a '#',
  19. # this line is ignored.  Empty lines are also ignored.
  20. #
  21. # See the man page for a list of options.
  22.  
  23. # Uncomment the following option to get rid of the copyright notice
  24.  
  25. no-greeting
  26.  
  27. # If you have more than 1 secret key in your keyring, you may want to
  28. # uncomment the following option and set your preferred keyid.
  29.  
  30. default-key 0x2409909AABDCDE3B
  31.  
  32. # If you do not pass a recipient to gpg, it will ask for one.  Using
  33. # this option you can encrypt to a default key.  Key validation will
  34. # not be done in this case.  The second form uses the default key as
  35. # default recipient.
  36.  
  37. #default-recipient some-user-id
  38. default-recipient-self
  39.  
  40. # Use --encrypt-to to add the specified key as a recipient to all
  41. # messages.  This is useful, for example, when sending mail through a
  42. # mail client that does not automatically encrypt mail to your key.
  43. # In the example, this option allows you to read your local copy of
  44. # encrypted mail that you've sent to others.
  45.  
  46. #encrypt-to some-key-id
  47. encrypt-to 0x2409909AABDCDE3B
  48.  
  49. # By default GnuPG creates version 4 signatures for data files as
  50. # specified by OpenPGP.  Some earlier (PGP 6, PGP 7) versions of PGP
  51. # require the older version 3 signatures.  Setting this option forces
  52. # GnuPG to create version 3 signatures.
  53.  
  54. #force-v3-sigs
  55.  
  56. # Because some mailers change lines starting with "From " to ">From "
  57. # it is good to handle such lines in a special way when creating
  58. # cleartext signatures; all other PGP versions do it this way too.
  59.  
  60. #no-escape-from-lines
  61.  
  62. # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
  63. # GnuPG which is the native character set.  Please check the man page
  64. # for supported character sets.  This character set is only used for
  65. # metadata and not for the actual message which does not undergo any
  66. # translation.  Note that future version of GnuPG will change to UTF-8
  67. # as default character set.  In most cases this option is not required
  68. # as GnuPG is able to figure out the correct charset at runtime.
  69.  
  70. charset utf-8
  71.  
  72. # Group names may be defined like this:
  73. #   group mynames = paige 0x12345678 joe patti
  74. #
  75. # Any time "mynames" is a recipient (-r or --recipient), it will be
  76. # expanded to the names "paige", "joe", and "patti", and the key ID
  77. # "0x12345678".  Note there is only one level of expansion - you
  78. # cannot make an group that points to another group.  Note also that
  79. # if there are spaces in the recipient name, this will appear as two
  80. # recipients.  In these cases it is better to use the key ID.
  81.  
  82. #group mynames = paige 0x12345678 joe patti
  83.  
  84. # Lock the file only once for the lifetime of a process.  If you do
  85. # not define this, the lock will be obtained and released every time
  86. # it is needed, which is usually preferable.
  87.  
  88. #lock-once
  89.  
  90. # GnuPG can send and receive keys to and from a keyserver.  These
  91. # servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
  92. # support).
  93. #
  94. # Example HKP keyserver:
  95. #      hkp://keys.gnupg.net
  96. #      hkp://subkeys.pgp.net
  97. #
  98. # Example email keyserver:
  99. #      mailto:pgp-public-keys@keys.pgp.net
  100. #
  101. # Example LDAP keyservers:
  102. #      ldap://keyserver.pgp.com
  103. #
  104. # Regular URL syntax applies, and you can set an alternate port
  105. # through the usual method:
  106. #      hkp://keyserver.example.net:22742
  107. #
  108. # Most users just set the name and type of their preferred keyserver.
  109. # Note that most servers (with the notable exception of
  110. # ldap://keyserver.pgp.com) synchronize changes with each other.  Note
  111. # also that a single server name may actually point to multiple
  112. # servers via DNS round-robin.  hkp://keys.gnupg.net is an example of
  113. # such a "server", which spreads the load over a number of physical
  114. # servers.  To see the IP address of the server actually used, you may use
  115. # the "--keyserver-options debug".
  116.  
  117. #keyserver hkp://keys.gnupg.net
  118. keyserver hkps://keys.openpgp.org
  119. #keyserver hkps://keyserver.ubuntu.com
  120. #keyserver mailto:pgp-public-keys@keys.nl.pgp.net
  121. #keyserver ldap://keyserver.pgp.com
  122.  
  123. # Uncomment the following option to get rid of the copyright notice
  124.  
  125. no-greeting
  126.  
  127. # Disable inclusion of the version string in ASCII armored output
  128.  
  129. no-emit-version
  130.  
  131. # Disable comment string in clear text signatures and ASCII armored messages
  132.  
  133. no-comments
  134.  
  135. # Display long key IDs
  136.  
  137. keyid-format 0xlong
  138.  
  139. #allow-loopback-pinentry
  140. pinentry-mode loopback
  141.  
  142. # List all keys (or the specified ones) along with ther fingerprints
  143.  
  144. with-fingerprint
  145. with-subkey-fingerprint
  146.  
  147. # Display the calculated validity of user IDs during key listings
  148.  
  149. list-options show-uid-validity
  150. verify-options show-uid-validity
  151.  
  152. # Prioritize stronger algorithms for new keys.
  153. personal-cipher-preferences AES256 AES
  154. personal-digest-preferences SHA256 SHA512
  155. personal-compress-preferences Uncompressed
  156. default-preference-list SHA256 SHA512 AES256 AES Uncompressed
  157. #default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
  158.  
  159. # Use a stronger digest than the default SHA1 for certifications.
  160. cert-digest-algo SHA256
  161.  
  162. s2k-cipher-algo AES256
  163. s2k-digest-algo SHA256
  164. s2k-mode 3
  165. s2k-count 65011712
  166.  
  167. disable-cipher-algo 3DES
  168. weak-digest SHA1
  169. force-mdc
  170.  
  171. # Common options for keyserver functions:
  172. #
  173. # include-disabled : when searching, include keys marked as "disabled"
  174. #                    on the keyserver (not all keyservers support this).
  175. #
  176. # no-include-revoked : when searching, do not include keys marked as
  177. #                      "revoked" on the keyserver.
  178. #
  179. # verbose : show more information as the keys are fetched.
  180. #           Can be used more than once to increase the amount
  181. #           of information shown.
  182. #
  183. # use-temp-files : use temporary files instead of a pipe to talk to the
  184. #                  keyserver.  Some platforms (Win32 for one) always
  185. #                  have this on.
  186. #
  187. # keep-temp-files : do not delete temporary files after using them
  188. #                   (really only useful for debugging)
  189. #
  190. # http-proxy="proxy" : set the proxy to use for HTTP and HKP keyservers.
  191. #                      This overrides the "http_proxy" environment variable,
  192. #                      if any.
  193. #
  194. # auto-key-retrieve : automatically fetch keys as needed from the keyserver
  195. #                     when verifying signatures or when importing keys that
  196. #                     have been revoked by a revocation key that is not
  197. #                     present on the keyring.
  198. #
  199. # no-include-attributes : do not include attribute IDs (aka "photo IDs")
  200. #                         when sending keys to the keyserver.
  201.  
  202. #keyserver-options auto-key-retrieve
  203.  
  204. # Display photo user IDs in key listings
  205.  
  206. # list-options show-photos
  207.  
  208. # Display photo user IDs when a signature from a key with a photo is
  209. # verified
  210.  
  211. # verify-options show-photos
  212.  
  213. # Use this program to display photo user IDs
  214. #
  215. # %i is expanded to a temporary file that contains the photo.
  216. # %I is the same as %i, but the file isn't deleted afterwards by GnuPG.
  217. # %k is expanded to the key ID of the key.
  218. # %K is expanded to the long OpenPGP key ID of the key.
  219. # %t is expanded to the extension of the image (e.g. "jpg").
  220. # %T is expanded to the MIME type of the image (e.g. "image/jpeg").
  221. # %f is expanded to the fingerprint of the key.
  222. # %% is %, of course.
  223. #
  224. # If %i or %I are not present, then the photo is supplied to the
  225. # viewer on standard input.  If your platform supports it, standard
  226. # input is the best way to do this as it avoids the time and effort in
  227. # generating and then cleaning up a secure temp file.
  228. #
  229. # If no photo-viewer is provided, GnuPG will look for xloadimage, eog,
  230. # or display (ImageMagick).  On Mac OS X and Windows, the default is
  231. # to use your regular JPEG image viewer.
  232. #
  233. # Some other viewers:
  234. # photo-viewer "qiv %i"
  235. # photo-viewer "ee %i"
  236. #
  237. # This one saves a copy of the photo ID in your home directory:
  238. # photo-viewer "cat > ~/photoid-for-key-%k.%t"
  239. #
  240. # Use your MIME handler to view photos:
  241. # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
  242.  
  243. # Passphrase agent
  244. #
  245. # We support the old experimental passphrase agent protocol as well as
  246. # the new Assuan based one (currently available in the "newpg" package
  247. # at ftp.gnupg.org/gcrypt/alpha/aegypten/).  To make use of the agent,
  248. # you have to run an agent as daemon and use the option
  249. #
  250. # use-agent
  251. #
  252. # which tries to use the agent but will fallback to the regular mode
  253. # if there is a problem connecting to the agent.  The normal way to
  254. # locate the agent is by looking at the environment variable
  255. # GPG_AGENT_INFO which should have been set during gpg-agent startup.
  256. # In certain situations the use of this variable is not possible, thus
  257. # the option
  258. #
  259. # --gpg-agent-info=<path>:<pid>:1
  260. #
  261. # may be used to override it.
  262.  
  263. # Automatic key location
  264. #
  265. # GnuPG can automatically locate and retrieve keys as needed using the
  266. # auto-key-locate option.  This happens when encrypting to an email
  267. # address (in the "user@example.com" form), and there are no
  268. # user@example.com keys on the local keyring.  This option takes the
  269. # following arguments, in the order they are to be tried:
  270. #
  271. # cert = locate a key using DNS CERT, as specified in RFC-4398.
  272. #        GnuPG can handle both the PGP (key) and IPGP (URL + fingerprint)
  273. #        CERT methods.
  274. #
  275. # pka = locate a key using DNS PKA.
  276. #
  277. # ldap = locate a key using the PGP Universal method of checking
  278. #        "ldap://keys.(thedomain)".  For example, encrypting to
  279. #        user@example.com will check ldap://keys.example.com.
  280. #
  281. # keyserver = locate a key using whatever keyserver is defined using
  282. #             the keyserver option.
  283. #
  284. # You may also list arbitrary keyservers here by URL.
  285. #
  286. # Try CERT, then PKA, then LDAP, then hkp://subkeys.net:
  287. #auto-key-locate cert pka ldap hkp://subkeys.pgp.net
  288. auto-key-locate dane, pka, cert, wkd, ldap, keyserver
  289.  
  290.  
Add Comment
Please, Sign In to add comment