This repository has been archived by the owner on Aug 26, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
gpg.conf
68 lines (51 loc) · 2.07 KB
/
gpg.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# The options are listed in the order of their occurence in "man gpg".
# !!! Set a valid ID of your secret key. !!!
default-key 0xABCDetc.
default-recipient-self
list-options show-unusable-uids show-unusable-subkeys show-sig-expire
utf8-strings
ask-cert-level
# web-of-trust is dead. I trust keys whose key validity I set myself as trustworthy.
trust-model direct
auto-key-locate clear,wkd,dane,cert,hkps://keys.gentoo.org,hkps://keyring.debian.org,hkps://keys.openpgp.org,hkps://keys.mailvelope.com,hkps://keyserver.ubuntu.com,local
keyid-format 0xlong
# "include-revoked":
# Setting "no-include-revoked" might skip keys
# that are falsely marked as "revoked" by the keyserver.
keyserver-options include-revoked include-subkeys
no-greeting
require-secmem
# Set the same key ID as you set with "default-key".
# That way you can always decrypt stuff
# you encrypted asymmetrically for foreign recipients.
encrypt-to 0xABCDetc.
# This embeds your e-mail address in the signature
# to allow recipients to use:
# gpg --auto-key-locate clear,wkd --locate-external-keys <e-mail address of your UID>
sender <e-mail address of your UID>
# 3rd parties don't need the authentication subkey.
export-filter "drop-subkey=usage=a"
export-options no-export-attributes export-clean
with-fingerprint
with-subkey-fingerprint
with-key-origin
force-aead
personal-cipher-preferences AES256 TWOFISH CAMELLIA256 AES192 CAMELLIA192 AES CAMELLIA128
personal-digest-preferences SHA512 SHA384 SHA256
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
s2k-cipher-algo AES256
s2k-digest-algo SHA512
# Beware of: https://bugs.gentoo.org/878479
# If you want to host your keys on a keyserver
# and want to publicize the keyserver.
# Set "sig-keyserver-url" only once!
#sig-keyserver-url hkps://keys.openpgp.org
#sig-keyserver-url hkps://keys.mailvelope.com
cert-digest-algo SHA512
no-symkey-cache
no-allow-non-selfsigned-uid
weak-digest RIPEMD160
weak-digest SHA1
ask-sig-expire
ask-cert-expire
default-preference-list AES256 TWOFISH CAMELLIA256 AES192 CAMELLIA192 AES CAMELLIA128 SHA512 SHA384 SHA256 BZIP2 ZLIB ZIP Uncompressed