# Options for GnuPG # Copyright 1998, 1999, 2000, 2001, 2002, 2003, # 2010 Free Software Foundation, Inc. # 2012 - 2018 Mikaela Suomalainen # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # # This file is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # # Unless you specify which option file to use (with the command line # option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf # by default. # # An options file can contain any long options which are available in # GnuPG. If the first non white space character of a line is a '#', # this line is ignored. Empty lines are also ignored. # # See the man page for a list of options. # Use my key by default #default-key 0x99392F62BAE30723 # MIKAELA_GREP # MIKAELA_GREP_GPG # WTOP #default-key 0xDC189FE6FA9BD685 # MIKAELA_GREP # MIKAELA_GREP_GPG # Ignore preferred keyserver keyserver-options no-honor-keyserver-url # The defaults are apparently self-sigs-only,import-clean starting from # gpg 2.2.17, but there seem to be controversial views on them and I am # not sure what way to go, so I am opting to trust the distribution. # Debian uses self-sigs-only (while I would be fine with import-clean) # * https://dev.gnupg.org/T4628#128513 # Arch Linux reverts the change going by no-self-sigs-only,no-import-clean # * https://bugs.archlinux.org/task/63147 # Try to automatically find keys from local/wkd if key for email address isn't found, but we are encrypting to email address. auto-key-retrieve auto-key-locate local,wkd # Encrypt to sender's key by default default-recipient-self # I don't think there is point in "encrypt-to 0xOWNKEYID, because there # is the default-recipient-self above. # Use UTF-8 charset charset UTF-8 display-charset utf-8 # use GPG Agent to avoid retyping passphrase very often. use-agent # Do everything in ASCII format by default instead of binary armor # Show the LONG KEYID and fingerprint by default and tell that it's hexadecimal string. keyid-format 0xLONG with-fingerprint with-wkd-hash # Ask everything ask-cert-level ask-cert-expire # Copying https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults # when outputting certificates, view user IDs distinctly from keys: fixed-list-mode # You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring: verify-options show-uid-validity list-options show-uid-validity # Disable comments no-comments # Don't output version, small chance of having people put same keys on IPFS no-emit-version