shell-things/.mikaela/gpg.conf

# Options for GnuPG
# Copyright 1998, 1999, 2000, 2001, 2002, 2003,
#           2010 Free Software Foundation, Inc.
#           2012 - 2018 Mikaela Suomalainen
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
# 
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Unless you specify which option file to use (with the command line
# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
# by default.
#
# An options file can contain any long options which are available in
# GnuPG. If the first non white space character of a line is a '#',
# this line is ignored.  Empty lines are also ignored.
#
# See the man page for a list of options.

# Use my key by default
default-key 0x99392F62BAE30723
# WTOP
#default-key 0xDC189FE6FA9BD685

# Ignore preferred keyserver
keyserver-options no-honor-keyserver-url
# The defaults are apparently self-sigs-only,import-clean starting from
# gpg 2.2.17, but there seem to be controversial views on them and I am
# not sure what way to go, so I am opting to trust the distribution.
# Debian uses self-sigs-only (while I would be fine with import-clean)
#  * https://dev.gnupg.org/T4628#128513
# Arch Linux reverts the change going by no-self-sigs-only,no-import-clean
#  * https://bugs.archlinux.org/task/63147

# Try to automatically find keys from local/wkd if key for email address isn't found, but we are encrypting to email address.
auto-key-retrieve
auto-key-locate local,wkd


# Encrypt to sender's key by default
default-recipient-self

# I don't think there is point in "encrypt-to 0xOWNKEYID, because there
# is the default-recipient-self above.

# Use UTF-8 charset
charset UTF-8
display-charset utf-8

# use GPG Agent to avoid retyping passphrase very often.
use-agent

# Do everything in ASCII format by default instead of binary
armor

# Show the LONG KEYID and fingerprint by default and tell that it's hexadecimal string.
keyid-format 0xLONG
with-fingerprint

# Ask everything
ask-cert-level
ask-cert-expire

# Copying https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults
# when outputting certificates, view user IDs distinctly from keys:
fixed-list-mode
# You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring:
verify-options show-uid-validity
list-options show-uid-validity

# Disable comments
no-comments

# Don't output version, small chance of having people put same keys on IPFS
no-emit-version
MKAYSIGREP is ready 2012-12-21 13:50:51 +01:00			`# Options for GnuPG`
			`# Copyright 1998, 1999, 2000, 2001, 2002, 2003,`
			`# 2010 Free Software Foundation, Inc.`
gpg.conf: comment things I don't understand etc. keyserver is not needed with GPGv2, I have no idea what some of those options do and thus have suspect that they make my GPG more insecure and I have used MATE for years and don't have eog available. 2018-09-18 20:37:28 +02:00			`# 2012 - 2018 Mikaela Suomalainen`
MKAYSIGREP is ready 2012-12-21 13:50:51 +01:00			`# This file is free software; as a special exception the author gives`
			`# unlimited permission to copy and/or distribute it, with or without`
			`# modifications, as long as this notice is preserved.`
gpg.conf: heavy cleanup 2019-12-06 18:40:00 +01:00			`#`
MKAYSIGREP is ready 2012-12-21 13:50:51 +01:00			`# This file is distributed in the hope that it will be useful, but`
			`# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the`
			`# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.`
			`#`
			`# Unless you specify which option file to use (with the command line`
			`# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf`
			`# by default.`
			`#`
			`# An options file can contain any long options which are available in`
			`# GnuPG. If the first non white space character of a line is a '#',`
			`# this line is ignored. Empty lines are also ignored.`
			`#`
			`# See the man page for a list of options.`

gpg.conf: put the default key on top 2019-12-06 18:41:24 +01:00			`# Use my key by default`
			`default-key 0x99392F62BAE30723`
			`# WTOP`
			`#default-key 0xDC189FE6FA9BD685`

gpg.conf: no keyserver options, document confusion 2019-12-06 19:22:32 +01:00			`# Ignore preferred keyserver`
			`keyserver-options no-honor-keyserver-url`
			`# The defaults are apparently self-sigs-only,import-clean starting from`
			`# gpg 2.2.17, but there seem to be controversial views on them and I am`
			`# not sure what way to go, so I am opting to trust the distribution.`
			`# Debian uses self-sigs-only (while I would be fine with import-clean)`
			`# * https://dev.gnupg.org/T4628#128513`
			`# Arch Linux reverts the change going by no-self-sigs-only,no-import-clean`
			`# * https://bugs.archlinux.org/task/63147`
MKAYSIGREP is ready 2012-12-21 13:50:51 +01:00
gpg.conf: adjust keyserver-options & auto-key-locate 2019-12-02 23:48:35 +01:00			`# Try to automatically find keys from local/wkd if key for email address isn't found, but we are encrypting to email address.`
gpg: add auto-key-retrieve 2019-12-05 13:51:13 +01:00			`auto-key-retrieve`
gpg.conf: adjust keyserver-options & auto-key-locate 2019-12-02 23:48:35 +01:00			`auto-key-locate local,wkd`
gpg.conf: I Read The Fine Manual and learned many things... 2012-12-21 18:50:44 +01:00
Add my work try-out-practice GPG key 2019-11-20 10:15:39 +01:00
MKAYSIGREP is ready 2012-12-21 13:50:51 +01:00			`# Encrypt to sender's key by default`
			`default-recipient-self`

gpg.conf: heavy cleanup 2019-12-06 18:40:00 +01:00			`# I don't think there is point in "encrypt-to 0xOWNKEYID, because there`
			`# is the default-recipient-self above.`
MKAYSIGREP is ready 2012-12-21 13:50:51 +01:00
			`# Use UTF-8 charset`
			`charset UTF-8`
gpg.conf: I Read The Fine Manual and learned many things... 2012-12-21 18:50:44 +01:00			`display-charset utf-8`
MKAYSIGREP is ready 2012-12-21 13:50:51 +01:00
gpg.conf: comment things I don't understand etc. keyserver is not needed with GPGv2, I have no idea what some of those options do and thus have suspect that they make my GPG more insecure and I have used MATE for years and don't have eog available. 2018-09-18 20:37:28 +02:00			`# use GPG Agent to avoid retyping passphrase very often.`
MKAYSIGREP is ready 2012-12-21 13:50:51 +01:00			`use-agent`

			`# Do everything in ASCII format by default instead of binary`
			`armor`

gpg.conf: show fingerprints by default (e.g --list-keys) and add export... ...ing options to teach to be careful and add commented throw-keyid 2012-12-22 15:43:34 +01:00			`# Show the LONG KEYID and fingerprint by default and tell that it's hexadecimal string.`
MKAYSIGREP is ready 2012-12-21 13:50:51 +01:00			`keyid-format 0xLONG`
gpg.conf: show fingerprints by default (e.g --list-keys) and add export... ...ing options to teach to be careful and add commented throw-keyid 2012-12-22 15:43:34 +01:00			`with-fingerprint`
MKAYSIGREP is ready 2012-12-21 13:50:51 +01:00
gpg.conf: ask signature expire time & trust level 2013-01-17 15:48:48 +01:00			`# Ask everything`
			`ask-cert-level`
			`ask-cert-expire`

gpg.conf: copy https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults 2013-02-26 11:18:20 +01:00			`# Copying https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults`
			`# when outputting certificates, view user IDs distinctly from keys:`
			`fixed-list-mode`
			`# You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring:`
			`verify-options show-uid-validity`
			`list-options show-uid-validity`

gpg.conf: declare WoT dead & no-comments * export-clean & import-clean are now done * my gpg won't output the comments anymore Resolves: #125 2019-08-01 11:19:44 +02:00			`# Disable comments`
			`no-comments`
gpg.conf: add no-emit-version Closes: #20 2019-08-26 19:35:43 +02:00
			`# Don't output version, small chance of having people put same keys on IPFS`
			`no-emit-version`