################################################################################
# Hardened GPG Configuration (gpg.conf) by Jonathan Cross - 2019
# https://github.com/jonathancross/jc-docs/blob/master/pgp/gpg.conf
# Note: this file only lists overrides where needed and omits many options.
# Format: one long option per line, written without the leading "--";
# lines starting with "#" are comments.
#
# Suppress the copyright notice gpg prints at start-up.
no-greeting
# Tell GnuPG which native character set to use if it is not Latin-1
# (ISO-8859-1); the man page lists the supported character sets. The
# setting applies only to metadata, not to the message itself, which
# is never translated. Note that future versions of GnuPG will change to
# UTF-8 as the default character set.
charset utf-8
# SIGNATURES AND HASHES
# Message digest algorithm used when signing (certifying) a key.
cert-digest-algo SHA512
# This preference list is written into new keys and becomes the default for
# "setpref" in the edit menu. It is what correspondents' software reads
# when choosing algorithms to use for this key, in the order given
# (digests, then ciphers, then compression).
# NOTE(review): CAST5 is a 64-bit block cipher and is still advertised
# here; confirm it is needed for interoperability before keeping it.
# NOTE(review): compression order here is ZLIB first, while
# personal-compress-preferences below puts BZIP2 first - confirm intent.
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
# Turn up the compression level and prefer BZIP2 over ZIP and ZLIB.
# bzip2-compress-level applies to BZIP2; compress-level applies to
# ZIP and ZLIB. Level 9 is the maximum and costs more CPU and memory.
bzip2-compress-level 9
compress-level 9
personal-compress-preferences BZIP2 ZIP ZLIB
# Prefer more modern ciphers over older ones. gpg only picks an
# algorithm that every recipient key also lists, so this ranks the
# choices; it does not force one.
# NOTE(review): BLOWFISH (64-bit block) is ranked above AES (128-bit
# block) and CAST5 (64-bit block) is still listed, which does not match
# the stated intent - confirm the ordering is deliberate.
personal-cipher-preferences AES256 TWOFISH AES192 BLOWFISH AES CAST5
# Prefer strong hashes whenever possible. SHA-1 and MD5 are left out of
# the list on purpose.
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
# When verifying a signature made from a subkey, ensure that the cross
# certification "back signature" on the subkey is present and valid.
# This protects against a subtle attack against subkeys that can sign.
# The original note here gave --no-require-cross-certification as the
# default. Current GnuPG documentation lists --require-cross-certification
# as the default for gpg, so this line mainly protects older
# installations - TODO confirm for the deployed version.
require-cross-certification
# Don't include a version number or a comment in my output, so that
# ASCII-armored messages do not reveal which GnuPG release produced them.
no-emit-version
no-comments
# Signing key selection (disabled template). local-user names the key
# gpg signs with; to pin it, uncomment the line below and replace the
# placeholder with your own key ID or fingerprint.
# local-user [YOUR KEY HERE]
# Display long (64-bit) key IDs with a 0x prefix. Short 32-bit IDs are
# easy to collide; a long ID is still only a display aid, so compare
# the full fingerprint when verifying a key.
keyid-format 0xlong
# List all keys (or the specified ones) along with their fingerprints
with-fingerprint
# Extra detail in listings: policy URLs, user notations and signature
# expiry dates in signature listings (first line), and the calculated
# validity of each user ID in key listings (second line).
list-options show-policy-url show-user-notations show-sig-expire
list-options show-uid-validity
# If you do not pass a recipient to gpg, it will ask for one. Using
# this option you can encrypt to a default key. Key validation will
# not be done in this case. The second form uses the default key as
# default recipient.
# The first form is left disabled; the second form is the one in effect.
#default-recipient some-user-id
default-recipient-self
# KEYSERVER OPTIONS
# Fetch a missing public key from the keyserver automatically when
# verifying a signature made by a key that is not on the local keyring.
# Privacy caveat (documented in the gpg man page): every such lookup
# tells the keyserver operator your IP address and when you verified
# the signature. Drop this line if that disclosure is not acceptable.
# NOTE(review): recent GnuPG man pages describe the keyserver-options
# spelling as an obsolete alias of the stand-alone auto-key-retrieve
# option - confirm against the installed version.
keyserver-options auto-key-retrieve
# Ignore the "preferred keyserver" URL embedded in a key or signature,
# so lookups and refreshes only go to the keyserver configured below
# and not to a server chosen by whoever created the key.
keyserver-options no-honor-keyserver-url
# Mechanisms tried, in order, to find a key for an e-mail address that
# has no key on the local keyring when encrypting: the configured
# keyserver, then the keyserver URL given here. A key found this way is
# only retrieved, not validated; check its fingerprint before trusting it.
auto-key-locate keyserver hkps://keys.openpgp.org
# Keyserver reached over hkps (HKP over TLS).
# NOTE(review): GnuPG 2.1 and later document "keyserver" in gpg.conf as
# deprecated in favour of the same option in dirmngr.conf - confirm
# which file the installed version actually honours.
keyserver hkps://keys.openpgp.org