shell-things/gpg.conf
2013-03-07 07:08:59 +02:00

116 lines
5.0 KiB
Plaintext

# Options for GnuPG
# Copyright 1998, 1999, 2000, 2001, 2002, 2003,
# 2010 Free Software Foundation, Inc.
# 2012,
# 2013 Mika Suomalainen (Mkaysi) https://raw.github.com/Mkaysi/shell-things/master/gpg.conf
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Unless you specify which option file to use (with the command line
# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
# by default.
#
# An options file can contain any long options which are available in
# GnuPG. If the first non white space character of a line is a '#',
# this line is ignored. Empty lines are also ignored.
#
# See the man page for a list of options.
# This is one of the most used keyservers as far as I know.
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem auto-key-retrieve no-include-revoked verbose no-honor-keyserver-url import-clean
# Try to automatically find keys from keyserver if key for email address isn't found, but we are encrypting to email address.
auto-key-locate keyserver
# Use my key by default
#default-key 0x4DB53CFE82A46728 # MKAYSIGREP # MKAYSIGREPGPG
# Encrypt to sender's key by default
default-recipient-self
# Always encrypt to my key
#encrypt-to 0x4DB53CFE82A46728 # MKAYSIGREP MKAYSIGREPGPG
# Use UTF-8 charset
charset UTF-8
display-charset utf-8
# use GPG Agent to avoid retyping passphrase very ofoten.
use-agent
# Do everything in ASCII format by default instead of binary
armor
# Note to self: import-clean = delete signatures from unknown keys || import-minimal = remove all signatures from keys.
personal-cipher-preferences AES256,AES192,AES,CAST5,3DES
personal-digest-preferences SHA512,SHA384,SHA256,SHA224,RIPEMD160,SHA1,MD5
personal-compress-preferences BZIP2,ZLIB,ZIP
# Default preferences
default-preference-list AES256,AES192,AES,CAST5,3DES SHA512,SHA384,SHA256,SHA224,RIPEMD160,SHA1,MD5 BZIP2,ZLIB,ZIP
default-keyserver-url hkps://hkps.pool.sks-keyservers.net
# Forcing preferred settings even if it's against OpenPGP standards
cert-digest-algo SHA512
digest-algo SHA512
compress-algo BZIP2
no-allow-non-selfsigned-uid
allow-multiple-messages
# Show the LONG KEYID and fingerprint by default and tell that it's hexadecimal string.
keyid-format 0xLONG
with-fingerprint
# Use Eye Of Gnome as default image viewer
photo-viewer eog %i
# The default to use for the check level when signing a key.
#default-cert-level 2
lock-multiple
expert
verbose
verbose
verbose
# Teach to be careful with sensitive things by exporting them like everything else
import-options import-local-sigs import-clean
export-options export-local-sigs export-attributes export-sensitive-revkeys export-clean
# Ask everything
ask-cert-level
ask-cert-expire
# Copying https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults
# when outputting certificates, view user IDs distinctly from keys:
fixed-list-mode
# You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring:
verify-options show-uid-validity
list-options show-uid-validity
# Add comments to things signed/encrypted by gpg
#comment Homepage: http://mkaysi.github.com/ # MKAYSIGREP MKAYSIGREPGPG
#comment Public key: http://mkaysi.github.com/PGP/0x82A46728.txt # MKAYSIGREP MKAYSIGREPGPG
#comment gpg --fetch-keys http://mkaysi.github.com/PGP/0x82A46728.txt # MKAYSIGREP MKAYSIGREPGPG
#comment Fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728 # MKAYSIGREP MKAYSIGREPGPG
#comment How/Why I send emails like I do http://git.io/tkIyFQ
#uncomment if someone complains about information behind above link without reading it
#comment ^^ explains why my signature is long and how you can hide it
#comment How to not verify my signature http://xkcd.com/1181/ # MKAYSIGREP
# Contacts / Groups
# PGPNET
group PGPNET=0x9CC6C4F03F370F7E 0x028ADF7453B04B15 0x4FA0BC023E154674 0x321E4E2373590E5D 0xC8B9B8C9DAC006F7 0xE045FE37AD62C09F 0x3BF4412249A850DC 0xB511FEE3DD86C24F 0x206C38805E0E5C42 0x013680AC643DD559 0xE0E9DD26F1D99755 0x82121A454319410E 0x41B0346260D02095 0x6874B04B6A0687B0 0xED845FEEA602AAB7 0x83C6A66F46914B32 0xCE462071331D023F 0xF1B011DC0365833F 0xD3C7FB49081383FA 0xBB0F603E6691CBDF 0x5D57C386564C4A09 0xC110784A111831BE 0xA8A90B8EAD0C6E69 0x4DB53CFE82A46728 0xB6ABE088B62E904D 0x2353DCC8E13CDF84 0x034FD3C3BAD41583 0x82CDBDAB82A8E763 0xF4E1C6A18013408D 0x797DFD70917B1BF0 0x5F11CD9291FD8F51 0xC021F18A9A135171 0x86511A36FE79D2D4 0x0EBB8286E8A253BA 0x7D618792A3E069DE 0x9B6B50F3CBF0F0D3 0xF010498E5AECF89B 0xB96EAA54B5D84CE0 0x0AB32D6916E2E31D 0x0B6ED1FFDD271AEC
# TouchLay Server Adminstrators
group TLSA=0x4DB53CFE82A46728 0x0BD622288449A12B 0x729DF464666CC0DD 0xCACC5B094EC00206