Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Options for GnuPG
- # Copyright 1998, 1999, 2000, 2001, 2002, 2003,
- # 2010 Free Software Foundation, Inc.
- #
- # This file is free software; as a special exception the author gives
- # unlimited permission to copy and/or distribute it, with or without
- # modifications, as long as this notice is preserved.
- #
- # This file is distributed in the hope that it will be useful, but
- # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
- # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- #
- # Unless you specify which option file to use (with the command line
- # option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
- # by default.
- #
- # An options file can contain any long options which are available in
- # GnuPG. If the first non white space character of a line is a '#',
- # this line is ignored. Empty lines are also ignored.
- #
- # See the man page for a list of options.
- # Uncomment the following option to get rid of the copyright notice
- no-greeting
- # If you have more than 1 secret key in your keyring, you may want to
- # uncomment the following option and set your preferred keyid.
- default-key 0x2409909AABDCDE3B
- # If you do not pass a recipient to gpg, it will ask for one. Using
- # this option you can encrypt to a default key. Key validation will
- # not be done in this case. The second form uses the default key as
- # default recipient.
- #default-recipient some-user-id
- default-recipient-self
- # Use --encrypt-to to add the specified key as a recipient to all
- # messages. This is useful, for example, when sending mail through a
- # mail client that does not automatically encrypt mail to your key.
- # In the example, this option allows you to read your local copy of
- # encrypted mail that you've sent to others.
- #encrypt-to some-key-id
- encrypt-to 0x2409909AABDCDE3B
- # By default GnuPG creates version 4 signatures for data files as
- # specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP
- # require the older version 3 signatures. Setting this option forces
- # GnuPG to create version 3 signatures.
- #force-v3-sigs
- # Because some mailers change lines starting with "From " to ">From "
- # it is good to handle such lines in a special way when creating
- # cleartext signatures; all other PGP versions do it this way too.
- #no-escape-from-lines
- # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
- # GnuPG which is the native character set. Please check the man page
- # for supported character sets. This character set is only used for
- # metadata and not for the actual message which does not undergo any
- # translation. Note that future version of GnuPG will change to UTF-8
- # as default character set. In most cases this option is not required
- # as GnuPG is able to figure out the correct charset at runtime.
- charset utf-8
- # Group names may be defined like this:
- # group mynames = paige 0x12345678 joe patti
- #
- # Any time "mynames" is a recipient (-r or --recipient), it will be
- # expanded to the names "paige", "joe", and "patti", and the key ID
- # "0x12345678". Note there is only one level of expansion - you
- # cannot make an group that points to another group. Note also that
- # if there are spaces in the recipient name, this will appear as two
- # recipients. In these cases it is better to use the key ID.
- #group mynames = paige 0x12345678 joe patti
- # Lock the file only once for the lifetime of a process. If you do
- # not define this, the lock will be obtained and released every time
- # it is needed, which is usually preferable.
- #lock-once
- # GnuPG can send and receive keys to and from a keyserver. These
- # servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
- # support).
- #
- # Example HKP keyserver:
- # hkp://keys.gnupg.net
- # hkp://subkeys.pgp.net
- #
- # Example email keyserver:
- # mailto:pgp-public-keys@keys.pgp.net
- #
- # Example LDAP keyservers:
- # ldap://keyserver.pgp.com
- #
- # Regular URL syntax applies, and you can set an alternate port
- # through the usual method:
- # hkp://keyserver.example.net:22742
- #
- # Most users just set the name and type of their preferred keyserver.
- # Note that most servers (with the notable exception of
- # ldap://keyserver.pgp.com) synchronize changes with each other. Note
- # also that a single server name may actually point to multiple
- # servers via DNS round-robin. hkp://keys.gnupg.net is an example of
- # such a "server", which spreads the load over a number of physical
- # servers. To see the IP address of the server actually used, you may use
- # the "--keyserver-options debug".
- #keyserver hkp://keys.gnupg.net
- keyserver hkps://keys.openpgp.org
- #keyserver hkps://keyserver.ubuntu.com
- #keyserver mailto:pgp-public-keys@keys.nl.pgp.net
- #keyserver ldap://keyserver.pgp.com
- # Uncomment the following option to get rid of the copyright notice
- no-greeting
- # Disable inclusion of the version string in ASCII armored output
- no-emit-version
- # Disable comment string in clear text signatures and ASCII armored messages
- no-comments
- # Display long key IDs
- keyid-format 0xlong
- #allow-loopback-pinentry
- pinentry-mode loopback
- # List all keys (or the specified ones) along with ther fingerprints
- with-fingerprint
- with-subkey-fingerprint
- # Display the calculated validity of user IDs during key listings
- list-options show-uid-validity
- verify-options show-uid-validity
- # Prioritize stronger algorithms for new keys.
- personal-cipher-preferences AES256 AES
- personal-digest-preferences SHA256 SHA512
- personal-compress-preferences Uncompressed
- default-preference-list SHA256 SHA512 AES256 AES Uncompressed
- #default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
- # Use a stronger digest than the default SHA1 for certifications.
- cert-digest-algo SHA256
- s2k-cipher-algo AES256
- s2k-digest-algo SHA256
- s2k-mode 3
- s2k-count 65011712
- disable-cipher-algo 3DES
- weak-digest SHA1
- force-mdc
- # Common options for keyserver functions:
- #
- # include-disabled : when searching, include keys marked as "disabled"
- # on the keyserver (not all keyservers support this).
- #
- # no-include-revoked : when searching, do not include keys marked as
- # "revoked" on the keyserver.
- #
- # verbose : show more information as the keys are fetched.
- # Can be used more than once to increase the amount
- # of information shown.
- #
- # use-temp-files : use temporary files instead of a pipe to talk to the
- # keyserver. Some platforms (Win32 for one) always
- # have this on.
- #
- # keep-temp-files : do not delete temporary files after using them
- # (really only useful for debugging)
- #
- # http-proxy="proxy" : set the proxy to use for HTTP and HKP keyservers.
- # This overrides the "http_proxy" environment variable,
- # if any.
- #
- # auto-key-retrieve : automatically fetch keys as needed from the keyserver
- # when verifying signatures or when importing keys that
- # have been revoked by a revocation key that is not
- # present on the keyring.
- #
- # no-include-attributes : do not include attribute IDs (aka "photo IDs")
- # when sending keys to the keyserver.
- #keyserver-options auto-key-retrieve
- # Display photo user IDs in key listings
- # list-options show-photos
- # Display photo user IDs when a signature from a key with a photo is
- # verified
- # verify-options show-photos
- # Use this program to display photo user IDs
- #
- # %i is expanded to a temporary file that contains the photo.
- # %I is the same as %i, but the file isn't deleted afterwards by GnuPG.
- # %k is expanded to the key ID of the key.
- # %K is expanded to the long OpenPGP key ID of the key.
- # %t is expanded to the extension of the image (e.g. "jpg").
- # %T is expanded to the MIME type of the image (e.g. "image/jpeg").
- # %f is expanded to the fingerprint of the key.
- # %% is %, of course.
- #
- # If %i or %I are not present, then the photo is supplied to the
- # viewer on standard input. If your platform supports it, standard
- # input is the best way to do this as it avoids the time and effort in
- # generating and then cleaning up a secure temp file.
- #
- # If no photo-viewer is provided, GnuPG will look for xloadimage, eog,
- # or display (ImageMagick). On Mac OS X and Windows, the default is
- # to use your regular JPEG image viewer.
- #
- # Some other viewers:
- # photo-viewer "qiv %i"
- # photo-viewer "ee %i"
- #
- # This one saves a copy of the photo ID in your home directory:
- # photo-viewer "cat > ~/photoid-for-key-%k.%t"
- #
- # Use your MIME handler to view photos:
- # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
- # Passphrase agent
- #
- # We support the old experimental passphrase agent protocol as well as
- # the new Assuan based one (currently available in the "newpg" package
- # at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent,
- # you have to run an agent as daemon and use the option
- #
- # use-agent
- #
- # which tries to use the agent but will fallback to the regular mode
- # if there is a problem connecting to the agent. The normal way to
- # locate the agent is by looking at the environment variable
- # GPG_AGENT_INFO which should have been set during gpg-agent startup.
- # In certain situations the use of this variable is not possible, thus
- # the option
- #
- # --gpg-agent-info=<path>:<pid>:1
- #
- # may be used to override it.
- # Automatic key location
- #
- # GnuPG can automatically locate and retrieve keys as needed using the
- # auto-key-locate option. This happens when encrypting to an email
- # address (in the "user@example.com" form), and there are no
- # user@example.com keys on the local keyring. This option takes the
- # following arguments, in the order they are to be tried:
- #
- # cert = locate a key using DNS CERT, as specified in RFC-4398.
- # GnuPG can handle both the PGP (key) and IPGP (URL + fingerprint)
- # CERT methods.
- #
- # pka = locate a key using DNS PKA.
- #
- # ldap = locate a key using the PGP Universal method of checking
- # "ldap://keys.(thedomain)". For example, encrypting to
- # user@example.com will check ldap://keys.example.com.
- #
- # keyserver = locate a key using whatever keyserver is defined using
- # the keyserver option.
- #
- # You may also list arbitrary keyservers here by URL.
- #
- # Try CERT, then PKA, then LDAP, then hkp://subkeys.net:
- #auto-key-locate cert pka ldap hkp://subkeys.pgp.net
- auto-key-locate dane, pka, cert, wkd, ldap, keyserver
Add Comment
Please, Sign In to add comment