Gnupg

1. # Options for GnuPG
2. # Copyright 1998, 1999, 2000, 2001, 2002, 2003,
3. # 2010 Free Software Foundation, Inc.
4. #
5. # This file is free software; as a special exception the author gives
6. # unlimited permission to copy and/or distribute it, with or without
7. # modifications, as long as this notice is preserved.
8. #
9. # This file is distributed in the hope that it will be useful, but
10. # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
11. # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
12. #
13. # Unless you specify which option file to use (with the command line
14. # option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
15. # by default.
16. #
17. # An options file can contain any long options which are available in
18. # GnuPG. If the first non white space character of a line is a '#',
19. # this line is ignored. Empty lines are also ignored.
20. #
21. # See the man page for a list of options.
22.  
23. # Uncomment the following option to get rid of the copyright notice
24.  
25. #no-greeting
26.  
27. # If you have more than 1 secret key in your keyring, you may want to
28. # uncomment the following option and set your preferred keyid.
29.  
30. #default-key 621CC013
31.  
32. # If you do not pass a recipient to gpg, it will ask for one. Using
33. # this option you can encrypt to a default key. Key validation will
34. # not be done in this case. The second form uses the default key as
35. # default recipient.
36.  
37. #default-recipient some-user-id
38. #default-recipient-self
39.  
40. # Use --encrypt-to to add the specified key as a recipient to all
41. # messages. This is useful, for example, when sending mail through a
42. # mail client that does not automatically encrypt mail to your key.
43. # In the example, this option allows you to read your local copy of
44. # encrypted mail that you've sent to others.
45.  
46. #encrypt-to some-key-id
47.  
48. # By default GnuPG creates version 4 signatures for data files as
49. # specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP
50. # require the older version 3 signatures. Setting this option forces
51. # GnuPG to create version 3 signatures.
52.  
53. #force-v3-sigs
54.  
55. # Because some mailers change lines starting with "From " to ">From "
56. # it is good to handle such lines in a special way when creating
57. # cleartext signatures; all other PGP versions do it this way too.
58.  
59. #no-escape-from-lines
60.  
61. # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
62. # GnuPG which is the native character set. Please check the man page
63. # for supported character sets. This character set is only used for
64. # metadata and not for the actual message which does not undergo any
65. # translation. Note that future version of GnuPG will change to UTF-8
66. # as default character set. In most cases this option is not required
67. # as GnuPG is able to figure out the correct charset at runtime.
68.  
69. #charset utf-8
70.  
71. # Group names may be defined like this:
72. # group mynames = paige 0x12345678 joe patti
73. #
74. # Any time "mynames" is a recipient (-r or --recipient), it will be
75. # expanded to the names "paige", "joe", and "patti", and the key ID
76. # "0x12345678". Note there is only one level of expansion - you
77. # cannot make an group that points to another group. Note also that
78. # if there are spaces in the recipient name, this will appear as two
79. # recipients. In these cases it is better to use the key ID.
80.  
81. #group mynames = paige 0x12345678 joe patti
82.  
83. # Lock the file only once for the lifetime of a process. If you do
84. # not define this, the lock will be obtained and released every time
85. # it is needed, which is usually preferable.
86.  
87. #lock-once
88.  
89. # GnuPG can send and receive keys to and from a keyserver. These
90. # servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
91. # support).
92. #
93. # Example HKP keyserver:
94. # hkp://keys.gnupg.net
95. # hkp://subkeys.pgp.net
96. #
97. # Example email keyserver:
98. # mailto:[email protected]
99. #
100. # Example LDAP keyservers:
101. # ldap://keyserver.pgp.com
102. #
103. # Regular URL syntax applies, and you can set an alternate port
104. # through the usual method:
105. # hkp://keyserver.example.net:22742
106. #
107. # Most users just set the name and type of their preferred keyserver.
108. # Note that most servers (with the notable exception of
109. # ldap://keyserver.pgp.com) synchronize changes with each other. Note
110. # also that a single server name may actually point to multiple
111. # servers via DNS round-robin. hkp://keys.gnupg.net is an example of
112. # such a "server", which spreads the load over a number of physical
113. # servers. To see the IP address of the server actually used, you may use
114. # the "--keyserver-options debug".
115.  
116. keyserver hkp://keys.gnupg.net
117. #keyserver mailto:[email protected]
118. #keyserver ldap://keyserver.pgp.com
119.  
120. # Common options for keyserver functions:
121. #
122. # include-disabled : when searching, include keys marked as "disabled"
123. # on the keyserver (not all keyservers support this).
124. #
125. # no-include-revoked : when searching, do not include keys marked as
126. # "revoked" on the keyserver.
127. #
128. # verbose : show more information as the keys are fetched.
129. # Can be used more than once to increase the amount
130. # of information shown.
131. #
132. # use-temp-files : use temporary files instead of a pipe to talk to the
133. # keyserver. Some platforms (Win32 for one) always
134. # have this on.
135. #
136. # keep-temp-files : do not delete temporary files after using them
137. # (really only useful for debugging)
138. #
139. # http-proxy="proxy" : set the proxy to use for HTTP and HKP keyservers.
140. # This overrides the "http_proxy" environment variable,
141. # if any.
142. #
143. # auto-key-retrieve : automatically fetch keys as needed from the keyserver
144. # when verifying signatures or when importing keys that
145. # have been revoked by a revocation key that is not
146. # present on the keyring.
147. #
148. # no-include-attributes : do not include attribute IDs (aka "photo IDs")
149. # when sending keys to the keyserver.
150.  
151. #keyserver-options auto-key-retrieve
152.  
153. # Display photo user IDs in key listings
154.  
155. # list-options show-photos
156.  
157. # Display photo user IDs when a signature from a key with a photo is
158. # verified
159.  
160. # verify-options show-photos
161.  
162. # Use this program to display photo user IDs
163. #
164. # %i is expanded to a temporary file that contains the photo.
165. # %I is the same as %i, but the file isn't deleted afterwards by GnuPG.
166. # %k is expanded to the key ID of the key.
167. # %K is expanded to the long OpenPGP key ID of the key.
168. # %t is expanded to the extension of the image (e.g. "jpg").
169. # %T is expanded to the MIME type of the image (e.g. "image/jpeg").
170. # %f is expanded to the fingerprint of the key.
171. # %% is %, of course.
172. #
173. # If %i or %I are not present, then the photo is supplied to the
174. # viewer on standard input. If your platform supports it, standard
175. # input is the best way to do this as it avoids the time and effort in
176. # generating and then cleaning up a secure temp file.
177. #
178. # If no photo-viewer is provided, GnuPG will look for xloadimage, eog,
179. # or display (ImageMagick). On Mac OS X and Windows, the default is
180. # to use your regular JPEG image viewer.
181. #
182. # Some other viewers:
183. # photo-viewer "qiv %i"
184. # photo-viewer "ee %i"
185. #
186. # This one saves a copy of the photo ID in your home directory:
187. # photo-viewer "cat > ~/photoid-for-key-%k.%t"
188. #
189. # Use your MIME handler to view photos:
190. # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
191.  
192. # Passphrase agent
193. #
194. # We support the old experimental passphrase agent protocol as well as
195. # the new Assuan based one (currently available in the "newpg" package
196. # at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent,
197. # you have to run an agent as daemon and use the option
198. #
199. # For Ubuntu we now use-agent by default to support more automatic
200. # use of GPG and S/MIME encryption by GUI programs. Depending on the
201. # program, users may still have to manually decide to install gnupg-agent.
202.  
203. use-agent
204.  
205. # which tries to use the agent but will fallback to the regular mode
206. # if there is a problem connecting to the agent. The normal way to
207. # locate the agent is by looking at the environment variable
208. # GPG_AGENT_INFO which should have been set during gpg-agent startup.
209. # In certain situations the use of this variable is not possible, thus
210. # the option
211. #
212. # --gpg-agent-info=<path>:<pid>:1
213. #
214. # may be used to override it.
215.  
216. # Automatic key location
217. #
218. # GnuPG can automatically locate and retrieve keys as needed using the
219. # auto-key-locate option. This happens when encrypting to an email
220. # address (in the "[email protected]" form), and there are no
221. # [email protected] keys on the local keyring. This option takes the
222. # following arguments, in the order they are to be tried:
223. #
224. # cert = locate a key using DNS CERT, as specified in RFC-4398.
225. # GnuPG can handle both the PGP (key) and IPGP (URL + fingerprint)
226. # CERT methods.
227. #
228. # pka = locate a key using DNS PKA.
229. #
230. # ldap = locate a key using the PGP Universal method of checking
231. # "ldap://keys.(thedomain)". For example, encrypting to
232. # [email protected] will check ldap://keys.example.com.
233. #
234. # keyserver = locate a key using whatever keyserver is defined using
235. # the keyserver option.
236. #
237. # You may also list arbitrary keyservers here by URL.
238. #
239. # Try CERT, then PKA, then LDAP, then hkp://subkeys.net:
240. #auto-key-locate cert pka ldap hkp://subkeys.pgp.net