# Options for GnuPG # Copyright 1998, 1999, 2000, 2001, 2002, 2003, # 2010 Free Software Foundation, Inc. # 2012, # 2013, # 2014 Mikaela Suomalainen (Mkaysi) https://raw.github.com/Mkaysi/shell-things/master/gpg.conf # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # # This file is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # # Unless you specify which option file to use (with the command line # option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf # by default. # # An options file can contain any long options which are available in # GnuPG. If the first non white space character of a line is a '#', # this line is ignored. Empty lines are also ignored. # # See the man page for a list of options. # This is one of the most used keyservers as far as I know. keyserver hkps://hkps.pool.sks-keyservers.net keyserver-options ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem auto-key-retrieve no-include-revoked verbose no-honor-keyserver-url import-clean # Try to automatically find keys from keyserver if key for email address isn't found, but we are encrypting to email address. auto-key-locate keyserver # Use my key by default default-key 0x0C207F07B2F32B67 # Encrypt to sender's key by default default-recipient-self # Always encrypt to my key encrypt-to 0x0C207F07B2F32B67 # Use UTF-8 charset charset UTF-8 display-charset utf-8 # use GPG Agent to avoid retyping passphrase very ofoten. use-agent # Do everything in ASCII format by default instead of binary armor # Note to self: import-clean = delete signatures from unknown keys || import-minimal = remove all signatures from keys. personal-cipher-preferences AES256,AES192,AES,CAST5,3DES personal-digest-preferences SHA512,SHA384,SHA256,SHA224,RIPEMD160,SHA1,MD5 personal-compress-preferences BZIP2,ZLIB,ZIP # Default preferences default-preference-list AES256,AES192,AES,CAST5,3DES SHA512,SHA384,SHA256,SHA224,RIPEMD160,SHA1,MD5 BZIP2,ZLIB,ZIP default-keyserver-url hkps://hkps.pool.sks-keyservers.net # Forcing preferred settings even if it's against OpenPGP standards cert-digest-algo SHA512 digest-algo SHA512 compress-algo BZIP2 no-allow-non-selfsigned-uid allow-multiple-messages # Show the LONG KEYID and fingerprint by default and tell that it's hexadecimal string. keyid-format 0xLONG with-fingerprint # Use Eye Of Gnome as default image viewer photo-viewer eog %i # The default to use for the check level when signing a key. #default-cert-level 2 lock-multiple expert verbose verbose verbose # Teach to be careful with sensitive things by exporting them like everything else import-options import-local-sigs import-clean export-options export-local-sigs export-attributes export-sensitive-revkeys export-clean # Ask everything ask-cert-level ask-cert-expire # Copying https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults # when outputting certificates, view user IDs distinctly from keys: fixed-list-mode # You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring: verify-options show-uid-validity list-options show-uid-validity # Add comments to things signed/encrypted by gpg comment Homepage: http://mkaysi.github.io/ comment Public key: http://mkaysi.github.io/PGP/0xB2F32B67.txt comment gpg --fetch-keys http://mkaysi.github.io/PGP/0xB2F32B67.txt comment Fingerprint = 2910 4A46 C561 5BF9 78A0 83F2 0C20 7F07 B2F3 2B67 #uncomment if someone complains about information behind above link without reading it #comment ^^ explains why my signature is long and how you can hide it