# Don't hide options from the user
expert

# Use UTF-8
utf8-strings

# Ensure all keys are loaded from the designated keyserver
# When creating a key, individuals may designate a specific keyserver to use to
# pull their keys from, we shall ignore this
keyserver-options no-honor-keyserver-url

# Auto-retrieve keys
# GnuPG can automatically locate and retrieve keys as needed using this option.
# This happens when encrypting to an email address (in the "user@@example.com"
# form) and there are no keys matching "user@example.com" in the local keyring.
# This option takes any number mechanisms which are tried in the given order.
# The default is "--auto-key-locate local" to search for keys only in the local
# key database. Uncomment the next line to locate a missing key using two DNS
# based mechanisms.
auto-key-locate local,pka,dane

# Get the best of the WoT and ToFU:
trust-model tofu+pgp
tofu-default-policy unknown

# Display long key IDs
keyid-format 0xlong

# Display the calculated validity of user IDs during key listings
list-options show-uid-validity
verify-options show-uid-validity

# Disable comment string in clear text signatures and ASCII armored messages
no-comments

# Define preferences
# This is based on the article at bettercrypto.org/#pretty_good_privacy
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list AES256 CAMELLIA256 AES192 CAMELLIA192 AES CAMELLIA128 TWOFISH SHA512 SHA384 SHA256 BZIP2 ZLIB ZIP

# Disable weak digests
# May be overriden with --allow-weak-digest-algos
weak-digest MD5
weak-digest SHA1