shell-things/gpg/gpg.conf

# Options for GnuPG
# Copyright 1998, 1999, 2000, 2001, 2002, 2003,
#           2010 Free Software Foundation, Inc.
#           2012 - 2018 Mikaela Suomalainen
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
# 
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Unless you specify which option file to use (with the command line
# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
# by default.
#
# An options file can contain any long options which are available in
# GnuPG. If the first non white space character of a line is a '#',
# this line is ignored.  Empty lines are also ignored.
#
# See the man page for a list of options.

# This is one of the most used keyservers as far as I know.
#keyserver hkp://pool.sks-keyservers.net
keyserver-options auto-key-retrieve no-include-revoked
#import-clean

# Try to automatically find keys from keyserver if key for email address isn't found, but we are encrypting to email address.
auto-key-locate keyserver

# Use my key by default
#default-key 0x0C207F07B2F32B67 # MIKAELA_GREP # MIKAELA_GREP_GPG

# Encrypt to sender's key by default
default-recipient-self

# Always encrypt to my key
#encrypt-to 0x0C207F07B2F32B67# MIKAELA_GREP MIKAELA_GREP_GPG

# Use UTF-8 charset
charset UTF-8
display-charset utf-8

# use GPG Agent to avoid retyping passphrase very often.
use-agent

# Do everything in ASCII format by default instead of binary
armor

# Note to self: import-clean = delete signatures from unknown keys || import-minimal = remove all signatures from keys.

#personal-cipher-preferences AES256,AES192,AES,CAST5,3DES
#personal-digest-preferences SHA512,SHA384,SHA256,SHA224,RIPEMD160,SHA1,MD5
#personal-compress-preferences BZIP2,ZLIB,ZIP

# Default preferences 
#default-preference-list AES256,AES192,AES,CAST5,3DES SHA512,SHA384,SHA256,SHA224,RIPEMD160,SHA1,MD5 BZIP2,ZLIB,ZIP
#default-keyserver-url hkp://pool.sks-keyservers.net

# Forcing preferred settings even if it's against OpenPGP standards
#cert-digest-algo SHA512
#digest-algo SHA512
#compress-algo BZIP2

#no-allow-non-selfsigned-uid
#allow-multiple-messages

# Show the LONG KEYID and fingerprint by default and tell that it's hexadecimal string.
keyid-format 0xLONG
with-fingerprint

# Use Eye Of Gnome as default image viewer
photo-viewer eom %i

# The default to use for the check level when signing a key.
#default-cert-level 2

#lock-multiple

expert
#verbose
#verbose
#verbose

# Teach to be careful with sensitive things by exporting them like everything else
#import-options import-local-sigs import-clean
#export-options export-local-sigs export-attributes export-sensitive-revkeys export-clean

# Ask everything
ask-cert-level
ask-cert-expire

# Copying https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults
# when outputting certificates, view user IDs distinctly from keys:
fixed-list-mode
# You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring:
verify-options show-uid-validity
list-options show-uid-validity

# Add comments to things signed/encrypted by gpg
#comment Website: https://mikaela.info/ # MIKAELA_GREP MIKAELA_GREP_GPG
#comment Public key: https://mikaela.info/PGP/0xB2F32B67.txt # MIKAELA_GREP MIKAELA_GREP_GPG
#comment gpg --fetch-keys https://mikaela.info/PGP/0xB2F32B67.txt # MIKAELA_GREP MIKAELA_GREP_GPG
#comment Fingerprint = 2910 4A46 C561 5BF9 78A0 83F2 0C20 7F07 B2F3 2B67 # MIKAELA_GREP MIKAELA_GREP_GPG
add gpg.conf. It's enough related to shell-things. 2012-03-22 13:45:01 +01:00			`# Options for GnuPG`
			`# Copyright 1998, 1999, 2000, 2001, 2002, 2003,`
			`# 2010 Free Software Foundation, Inc.`
gpg.conf: comment things I don't understand etc. keyserver is not needed with GPGv2, I have no idea what some of those options do and thus have suspect that they make my GPG more insecure and I have used MATE for years and don't have eog available. 2018-09-18 20:37:28 +02:00			`# 2012 - 2018 Mikaela Suomalainen`
add gpg.conf. It's enough related to shell-things. 2012-03-22 13:45:01 +01:00			`# This file is free software; as a special exception the author gives`
			`# unlimited permission to copy and/or distribute it, with or without`
			`# modifications, as long as this notice is preserved.`
			`#`
			`# This file is distributed in the hope that it will be useful, but`
			`# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the`
			`# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.`
			`#`
			`# Unless you specify which option file to use (with the command line`
			`# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf`
			`# by default.`
			`#`
			`# An options file can contain any long options which are available in`
			`# GnuPG. If the first non white space character of a line is a '#',`
			`# this line is ignored. Empty lines are also ignored.`
			`#`
			`# See the man page for a list of options.`

gpg.conf: add comments 2012-12-21 12:19:49 +01:00			`# This is one of the most used keyservers as far as I know.`
gpg.conf: comment things I don't understand etc. keyserver is not needed with GPGv2, I have no idea what some of those options do and thus have suspect that they make my GPG more insecure and I have used MATE for years and don't have eog available. 2018-09-18 20:37:28 +02:00			`#keyserver hkp://pool.sks-keyservers.net`
gpg.conf: fix keyserver-options verbose complained about unknown option and as I am not using hkps, I don't need no-honor-keyserver 2015-06-02 09:46:58 +02:00			`keyserver-options auto-key-retrieve no-include-revoked`
gpg.conf: comment import-minimal it's currently causing me difficulties. 2015-01-10 12:49:58 +01:00			`#import-clean`
gnupg/gpg.conf: add http://keyserver.pgp.com/ to keyserver list. 2012-08-11 09:56:01 +02:00
gpg.conf: I Read The Fine Manual and learned many things... 2012-12-21 18:50:44 +01:00			`# Try to automatically find keys from keyserver if key for email address isn't found, but we are encrypting to email address.`
			`auto-key-locate keyserver`

gpg.conf: add comments 2012-12-21 12:19:49 +01:00			`# Use my key by default`
bashrc & gpg.conf & zshrc: remove more MKAYSI 2014-10-09 19:25:11 +02:00			`#default-key 0x0C207F07B2F32B67 # MIKAELA_GREP # MIKAELA_GREP_GPG`
gpg.conf: add comments 2012-12-21 12:19:49 +01:00
			`# Encrypt to sender's key by default`
add gpg.conf. It's enough related to shell-things. 2012-03-22 13:45:01 +01:00			`default-recipient-self`
gpg.conf: add comments 2012-12-21 12:19:49 +01:00
			`# Always encrypt to my key`
bashrc & gpg.conf & zshrc: remove more MKAYSI 2014-10-09 19:25:11 +02:00			`#encrypt-to 0x0C207F07B2F32B67# MIKAELA_GREP MIKAELA_GREP_GPG`
gpg.conf: add comments 2012-12-21 12:19:49 +01:00
			`# Use UTF-8 charset`
add gpg.conf. It's enough related to shell-things. 2012-03-22 13:45:01 +01:00			`charset UTF-8`
gpg.conf: I Read The Fine Manual and learned many things... 2012-12-21 18:50:44 +01:00			`display-charset utf-8`
gpg.conf: add comments 2012-12-21 12:19:49 +01:00
gpg.conf: comment things I don't understand etc. keyserver is not needed with GPGv2, I have no idea what some of those options do and thus have suspect that they make my GPG more insecure and I have used MATE for years and don't have eog available. 2018-09-18 20:37:28 +02:00			`# use GPG Agent to avoid retyping passphrase very often.`
gnupg/gpg.conf: use ASCII instead of binary by default. (No need to specify -a). 2012-08-06 11:16:56 +02:00			`use-agent`
gpg.conf: add comments 2012-12-21 12:19:49 +01:00
			`# Do everything in ASCII format by default instead of binary`
gnupg/gpg.conf: use ASCII instead of binary by default. (No need to specify -a). 2012-08-06 11:16:56 +02:00			`armor`
gpg.conf: add comments 2012-12-21 12:19:49 +01:00
gnupg/gpg.conf: add (commented) note to self about difference of import-clean and import-minimal. 2012-07-25 17:56:09 +02:00			`# Note to self: import-clean = delete signatures from unknown keys \|\| import-minimal = remove all signatures from keys.`
gpg.conf: add PGPNET group line. 2012-05-30 16:37:33 +02:00
gpg.conf: comment things I don't understand etc. keyserver is not needed with GPGv2, I have no idea what some of those options do and thus have suspect that they make my GPG more insecure and I have used MATE for years and don't have eog available. 2018-09-18 20:37:28 +02:00			`#personal-cipher-preferences AES256,AES192,AES,CAST5,3DES`
			`#personal-digest-preferences SHA512,SHA384,SHA256,SHA224,RIPEMD160,SHA1,MD5`
			`#personal-compress-preferences BZIP2,ZLIB,ZIP`
gpg.conf: I Read The Fine Manual and learned many things... 2012-12-21 18:50:44 +01:00
			`# Default preferences`
gpg.conf: comment things I don't understand etc. keyserver is not needed with GPGv2, I have no idea what some of those options do and thus have suspect that they make my GPG more insecure and I have used MATE for years and don't have eog available. 2018-09-18 20:37:28 +02:00			`#default-preference-list AES256,AES192,AES,CAST5,3DES SHA512,SHA384,SHA256,SHA224,RIPEMD160,SHA1,MD5 BZIP2,ZLIB,ZIP`
			`#default-keyserver-url hkp://pool.sks-keyservers.net`
gpg.conf: I Read The Fine Manual and learned many things... 2012-12-21 18:50:44 +01:00
			`# Forcing preferred settings even if it's against OpenPGP standards`
gpg.conf: comment things I don't understand etc. keyserver is not needed with GPGv2, I have no idea what some of those options do and thus have suspect that they make my GPG more insecure and I have used MATE for years and don't have eog available. 2018-09-18 20:37:28 +02:00			`#cert-digest-algo SHA512`
			`#digest-algo SHA512`
			`#compress-algo BZIP2`
gpg.conf: I Read The Fine Manual and learned many things... 2012-12-21 18:50:44 +01:00
gpg.conf: comment things I don't understand etc. keyserver is not needed with GPGv2, I have no idea what some of those options do and thus have suspect that they make my GPG more insecure and I have used MATE for years and don't have eog available. 2018-09-18 20:37:28 +02:00			`#no-allow-non-selfsigned-uid`
			`#allow-multiple-messages`
gnupg/gpg.conf: add commented line to use SHA256 instead of SHA1. Currently thinking should I uncomment it. 2012-07-11 09:31:11 +02:00
gpg.conf: show fingerprints by default (e.g --list-keys) and add export... ...ing options to teach to be careful and add commented throw-keyid 2012-12-22 15:43:34 +01:00			`# Show the LONG KEYID and fingerprint by default and tell that it's hexadecimal string.`
gpg.conf: Set default keyid-format to 0xLONG. 2012-07-26 12:17:43 +02:00			`keyid-format 0xLONG`
gpg.conf: show fingerprints by default (e.g --list-keys) and add export... ...ing options to teach to be careful and add commented throw-keyid 2012-12-22 15:43:34 +01:00			`with-fingerprint`
gnupg/gpg.conf: Show LONG KEYID by default with "--list-keys". 2012-07-24 09:32:53 +02:00
gpg.conf: I Read The Fine Manual and learned many things... 2012-12-21 18:50:44 +01:00			`# Use Eye Of Gnome as default image viewer`
gpg.conf: comment things I don't understand etc. keyserver is not needed with GPGv2, I have no idea what some of those options do and thus have suspect that they make my GPG more insecure and I have used MATE for years and don't have eog available. 2018-09-18 20:37:28 +02:00			`photo-viewer eom %i`
gpg.conf: I Read The Fine Manual and learned many things... 2012-12-21 18:50:44 +01:00
			`# The default to use for the check level when signing a key.`
gpg.conf: comment default-cert level, it's confusing 2013-01-05 20:44:40 +01:00			`#default-cert-level 2`
gpg.conf: I Read The Fine Manual and learned many things... 2012-12-21 18:50:44 +01:00
gpg.conf: comment things I don't understand etc. keyserver is not needed with GPGv2, I have no idea what some of those options do and thus have suspect that they make my GPG more insecure and I have used MATE for years and don't have eog available. 2018-09-18 20:37:28 +02:00			`#lock-multiple`
gpg.conf: I Read The Fine Manual and learned many things... 2012-12-21 18:50:44 +01:00
			`expert`
gpg: disable verbosity && add more to .travis.yml 2014-05-23 15:21:14 +02:00			`#verbose`
			`#verbose`
			`#verbose`
gpg.conf: I Read The Fine Manual and learned many things... 2012-12-21 18:50:44 +01:00
gpg.conf: show fingerprints by default (e.g --list-keys) and add export... ...ing options to teach to be careful and add commented throw-keyid 2012-12-22 15:43:34 +01:00			`# Teach to be careful with sensitive things by exporting them like everything else`
gpg.conf: comment things I don't understand etc. keyserver is not needed with GPGv2, I have no idea what some of those options do and thus have suspect that they make my GPG more insecure and I have used MATE for years and don't have eog available. 2018-09-18 20:37:28 +02:00			`#import-options import-local-sigs import-clean`
			`#export-options export-local-sigs export-attributes export-sensitive-revkeys export-clean`
gpg.conf: show fingerprints by default (e.g --list-keys) and add export... ...ing options to teach to be careful and add commented throw-keyid 2012-12-22 15:43:34 +01:00
gpg.conf: ask signature expire time & trust level 2013-01-17 15:48:48 +01:00			`# Ask everything`
			`ask-cert-level`
			`ask-cert-expire`
gpg.conf: show fingerprints by default (e.g --list-keys) and add export... ...ing options to teach to be careful and add commented throw-keyid 2012-12-22 15:43:34 +01:00
gpg.conf: copy https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults 2013-02-26 11:18:20 +01:00			`# Copying https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults`
			`# when outputting certificates, view user IDs distinctly from keys:`
			`fixed-list-mode`
			`# You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring:`
			`verify-options show-uid-validity`
			`list-options show-uid-validity`

gpg.conf: add comments 2012-12-21 12:19:49 +01:00			`# Add comments to things signed/encrypted by gpg`
gpg.conf: s/homepage/website/ 2016-02-26 13:58:54 +01:00			`#comment Website: https://mikaela.info/ # MIKAELA_GREP MIKAELA_GREP_GPG`
gpg.conf: use https 2015-02-04 18:55:31 +01:00			`#comment Public key: https://mikaela.info/PGP/0xB2F32B67.txt # MIKAELA_GREP MIKAELA_GREP_GPG`
			`#comment gpg --fetch-keys https://mikaela.info/PGP/0xB2F32B67.txt # MIKAELA_GREP MIKAELA_GREP_GPG`
bashrc & gpg.conf & zshrc: remove more MKAYSI 2014-10-09 19:25:11 +02:00			`#comment Fingerprint = 2910 4A46 C561 5BF9 78A0 83F2 0C20 7F07 B2F3 2B67 # MIKAELA_GREP MIKAELA_GREP_GPG`