Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
63 lines (51 sloc) 2.61 KB
no-greeting
# Don't leak information by automatically trying to get keys.
no-auto-key-locate
# Set the charset to UTF-8; you should make sure that your terminal correctly implements UTF-8 support.
# TODO(dlg): vttest?
charset utf-8
display-charset utf-8
# Display long keyids and fingerprints by default
keyid-format 0xlong
with-fingerprint
verbose
# Never show photos, but show all notations and signature subpackets
list-options show-policy-urls no-show-photos show-notations show-keyserver-urls show-uid-validity show-sig-subpackets
verify-options show-policy-urls no-show-photos show-notations show-keyserver-urls show-uid-validity no-pka-lookups no-pka-trust-increase
# Disable truncating DSA2 message hashes (yes, that's what this does)
disable-dsa2
# Use the https-secured HKPS pool. The sks-keyservers.net CA is available at https://sks-keyservers.net/sks-keyservers.netCA.pem
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options check-cert ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem keep-temp-files verbose verbose debug no-honor-keyserver-url no-auto-key-retrieve no-honor-pka-record
# Some options to avoid stupid behaviors.
require-cross-certification
force-v4-certs
import-options no-repair-pks-subkey-bug import-clean
export-options export-clean
force-mdc
# Use a real encryption algorithm to protect the secret keyring, rather than CAST5.
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
# This is the maximum iteration count. It's way too small. You should entomb or just
# scrypt your private keyring when not in use.
s2k-count 65011712
# Human-readable version of cipher preferences:
# Cipher: AES256, AES192, AES, TWOFISH, BLOWFISH, CAMELLIA256, CAMELLIA192, CAMELLIA128
# rationale: AES is best-studied. Twofish and Blowfish second-best. CAMELLIA is believed
# to be as strong as AES but much less studied. (You may prefer moving AES128 lower.)
# Digest: SHA512, SHA384, SHA224, SHA256, RIPEMD160
# rationale: SHA2 is still considered strong. RIPEMD160 is believed better than SHA-1.
# Compression: ZLIB, BZIP2, ZIP, Uncompressed
# rationale: Personal preference.
# Set cipher preferences for encryption/signing to other users.
# NB: This does not prevent an 3DES, IDEA, or MD5 from being used, if the recipient
# prefers it.
personal-cipher-preferences S9 S8 S7 S10 S4 S13 S12 S11
personal-digest-preferences H10 H9 H11 H8 H3 H2
personal-compress-preferences Z2 Z3 Z1 Z0
disable-cipher-algo CAST5 IDEA
# Regrettably, not supported by GnuPG
# disable-digest-algo MD5
# Set the default preference list for new public keys.
default-preference-list S9 S8 S7 S10 S4 S13 S12 S11 H10 H9 H11 H8 H3 H2 Z2 Z3 Z1 Z0