45 lines
No EOL
1.5 KiB
Text
45 lines
No EOL
1.5 KiB
Text
# Don't hide options from the user
|
|
expert
|
|
|
|
# Use UTF-8
|
|
utf8-strings
|
|
|
|
# Ensure all keys are loaded from the designated keyserver
|
|
# When creating a key, individuals may designate a specific keyserver to use to
|
|
# pull their keys from, we shall ignore this
|
|
keyserver-options no-honor-keyserver-url
|
|
|
|
# Auto-retrieve keys
|
|
# GnuPG can automatically locate and retrieve keys as needed using this option.
|
|
# This happens when encrypting to an email address (in the "user@@example.com"
|
|
# form) and there are no keys matching "user@example.com" in the local keyring.
|
|
# This option takes any number mechanisms which are tried in the given order.
|
|
# The default is "--auto-key-locate local" to search for keys only in the local
|
|
# key database. Uncomment the next line to locate a missing key using two DNS
|
|
# based mechanisms.
|
|
auto-key-locate local,pka,dane
|
|
|
|
# Get the best of the WoT and ToFU:
|
|
trust-model tofu+pgp
|
|
tofu-default-policy unknown
|
|
|
|
# Display long key IDs
|
|
keyid-format 0xlong
|
|
|
|
# Display the calculated validity of user IDs during key listings
|
|
list-options show-uid-validity
|
|
verify-options show-uid-validity
|
|
|
|
# Disable comment string in clear text signatures and ASCII armored messages
|
|
no-comments
|
|
|
|
# Define preferences
|
|
# This is based on the article at bettercrypto.org/#pretty_good_privacy
|
|
personal-digest-preferences SHA512
|
|
cert-digest-algo SHA512
|
|
default-preference-list AES256 CAMELLIA256 AES192 CAMELLIA192 AES CAMELLIA128 TWOFISH SHA512 SHA384 SHA256 BZIP2 ZLIB ZIP
|
|
|
|
# Disable weak digests
|
|
# May be overriden with --allow-weak-digest-algos
|
|
weak-digest MD5
|
|
weak-digest SHA1 |