]>
Commit | Line | Data |
---|---|---|
5b61754d MF |
1 | # Options for GnuPG |
2 | # Copyright 1998, 1999, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. | |
3 | # | |
4 | # This file is free software; as a special exception the author gives | |
5 | # unlimited permission to copy and/or distribute it, with or without | |
6 | # modifications, as long as this notice is preserved. | |
7 | # | |
8 | # This file is distributed in the hope that it will be useful, but | |
9 | # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the | |
10 | # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
11 | # | |
12 | # Unless you specify which option file to use (with the command line | |
13 | # option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf | |
14 | # by default. | |
15 | # | |
16 | # An options file can contain any long options which are available in | |
17 | # GnuPG. If the first non white space character of a line is a '#', | |
18 | # this line is ignored. Empty lines are also ignored. | |
19 | # | |
20 | # See the man page for a list of options. | |
21 | ||
22 | # Uncomment the following option to get rid of the copyright notice | |
23 | ||
1afdf944 | 24 | no-greeting |
5b61754d MF |
25 | |
26 | # If you have more than 1 secret key in your keyring, you may want to | |
27 | # uncomment the following option and set your preferred keyid. | |
28 | ||
8afc0714 | 29 | default-key B902B5271325F892AC251AD441633B9FE837F581 |
fbc6f550 | 30 | #default-key C5075F3CF8214B0104054CB7624909AED7E56346 |
5b61754d MF |
31 | |
32 | # If you do not pass a recipient to gpg, it will ask for one. Using | |
33 | # this option you can encrypt to a default key. Key validation will | |
34 | # not be done in this case. The second form uses the default key as | |
35 | # default recipient. | |
36 | ||
37 | #default-recipient some-user-id | |
38 | #default-recipient-self | |
39 | ||
40 | # Use --encrypt-to to add the specified key as a recipient to all | |
41 | # messages. This is useful, for example, when sending mail through a | |
42 | # mail client that does not automatically encrypt mail to your key. | |
43 | # In the example, this option allows you to read your local copy of | |
44 | # encrypted mail that you've sent to others. | |
45 | ||
46 | #encrypt-to some-key-id | |
47 | ||
48 | # By default GnuPG creates version 3 signatures for data files. This | |
49 | # is not strictly OpenPGP compliant but PGP 6 and most versions of PGP | |
50 | # 7 require them. To disable this behavior, you may use this option | |
51 | # or --openpgp. | |
52 | ||
53 | #no-force-v3-sigs | |
54 | ||
55 | # Because some mailers change lines starting with "From " to ">From " | |
56 | # it is good to handle such lines in a special way when creating | |
57 | # cleartext signatures; all other PGP versions do it this way too. | |
58 | # To enable full OpenPGP compliance you may want to use this option. | |
59 | ||
60 | #no-escape-from-lines | |
61 | ||
62 | # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell | |
63 | # GnuPG which is the native character set. Please check the man page | |
64 | # for supported character sets. This character set is only used for | |
65 | # metadata and not for the actual message which does not undergo any | |
66 | # translation. Note that future version of GnuPG will change to UTF-8 | |
67 | # as default character set. In most cases this option is not required | |
68 | # GnuPG is able to figure out the correct charset and use that. | |
69 | ||
70 | #charset utf-8 | |
71 | ||
72 | # Group names may be defined like this: | |
73 | # group mynames = paige 0x12345678 joe patti | |
74 | # | |
75 | # Any time "mynames" is a recipient (-r or --recipient), it will be | |
76 | # expanded to the names "paige", "joe", and "patti", and the key ID | |
77 | # "0x12345678". Note there is only one level of expansion - you | |
78 | # cannot make an group that points to another group. Note also that | |
79 | # if there are spaces in the recipient name, this will appear as two | |
80 | # recipients. In these cases it is better to use the key ID. | |
81 | ||
82 | #group mynames = paige 0x12345678 joe patti | |
83 | ||
84 | # Lock the file only once for the lifetime of a process. If you do | |
85 | # not define this, the lock will be obtained and released every time | |
86 | # it is needed, which is usually preferable. | |
87 | ||
88 | #lock-once | |
89 | ||
90 | # GnuPG can send and receive keys to and from a keyserver. These | |
91 | # servers can be HKP, email, or LDAP (if GnuPG is built with LDAP | |
92 | # support). | |
93 | # | |
94 | # Example HKP keyserver: | |
95 | # hkp://subkeys.pgp.net | |
96 | # | |
97 | # Example email keyserver: | |
98 | # mailto:pgp-public-keys@keys.pgp.net | |
99 | # | |
100 | # Example LDAP keyservers: | |
101 | # ldap://keyserver.pgp.com | |
102 | # | |
103 | # Regular URL syntax applies, and you can set an alternate port | |
104 | # through the usual method: | |
105 | # hkp://keyserver.example.net:22742 | |
106 | # | |
107 | # If you have problems connecting to a HKP server through a buggy http | |
108 | # proxy, you can use keyserver option broken-http-proxy (see below), | |
109 | # but first you should make sure that you have read the man page | |
110 | # regarding proxies (keyserver option honor-http-proxy) | |
111 | # | |
112 | # Most users just set the name and type of their preferred keyserver. | |
113 | # Note that most servers (with the notable exception of | |
114 | # ldap://keyserver.pgp.com) synchronize changes with each other. Note | |
115 | # also that a single server name may actually point to multiple | |
116 | # servers via DNS round-robin. hkp://subkeys.pgp.net is an example of | |
117 | # such a "server", which spreads the load over a number of physical | |
118 | # servers. | |
119 | ||
8afc0714 MF |
120 | #keyserver hkp://subkeys.pgp.net |
121 | keyserver hkp://pgp.mit.edu | |
122 | #keyserver http://keys.gnupg.net | |
1afdf944 | 123 | #keyserver hkp://wwwkeys.eu.pgp.net |
5b61754d | 124 | #keyserver mailto:pgp-public-keys@keys.nl.pgp.net |
1afdf944 | 125 | #keyserver ldap://pgp.surfnet.nl:11370 |
5b61754d MF |
126 | #keyserver ldap://keyserver.pgp.com |
127 | ||
128 | # Common options for keyserver functions: | |
129 | # | |
130 | # include-disabled = when searching, include keys marked as "disabled" | |
131 | # on the keyserver (not all keyservers support this). | |
132 | # | |
133 | # no-include-revoked = when searching, do not include keys marked as | |
134 | # "revoked" on the keyserver. | |
135 | # | |
136 | # verbose = show more information as the keys are fetched. | |
137 | # Can be used more than once to increase the amount | |
138 | # of information shown. | |
139 | # | |
140 | # use-temp-files = use temporary files instead of a pipe to talk to the | |
141 | # keyserver. Some platforms (Win32 for one) always | |
142 | # have this on. | |
143 | # | |
144 | # keep-temp-files = do not delete temporary files after using them | |
145 | # (really only useful for debugging) | |
146 | # | |
147 | # honor-http-proxy = if the keyserver uses HTTP, honor the http_proxy | |
148 | # environment variable | |
149 | # | |
150 | # broken-http-proxy = try to work around a buggy HTTP proxy | |
151 | # | |
152 | # auto-key-retrieve = automatically fetch keys as needed from the keyserver | |
153 | # when verifying signatures or when importing keys that | |
154 | # have been revoked by a revocation key that is not | |
155 | # present on the keyring. | |
156 | # | |
157 | # no-include-attributes = do not include attribute IDs (aka "photo IDs") | |
158 | # when sending keys to the keyserver. | |
159 | ||
fbc6f550 | 160 | keyserver-options timeout=30 |
1afdf944 | 161 | keyserver-options auto-key-retrieve |
8afc0714 MF |
162 | #keyserver-options verbose |
163 | #keyserver-options verbose | |
164 | #keyserver-options verbose | |
5b61754d MF |
165 | |
166 | # Display photo user IDs in key listings | |
167 | ||
168 | # list-options show-photos | |
169 | ||
170 | # Display photo user IDs when a signature from a key with a photo is | |
171 | # verified | |
172 | ||
173 | # verify-options show-photos | |
174 | ||
175 | # Use this program to display photo user IDs | |
176 | # | |
177 | # %i is expanded to a temporary file that contains the photo. | |
178 | # %I is the same as %i, but the file isn't deleted afterwards by GnuPG. | |
179 | # %k is expanded to the key ID of the key. | |
180 | # %K is expanded to the long OpenPGP key ID of the key. | |
181 | # %t is expanded to the extension of the image (e.g. "jpg"). | |
182 | # %T is expanded to the MIME type of the image (e.g. "image/jpeg"). | |
183 | # %f is expanded to the fingerprint of the key. | |
184 | # %% is %, of course. | |
185 | # | |
186 | # If %i or %I are not present, then the photo is supplied to the | |
187 | # viewer on standard input. If your platform supports it, standard | |
188 | # input is the best way to do this as it avoids the time and effort in | |
189 | # generating and then cleaning up a secure temp file. | |
190 | # | |
191 | # If no photo-viewer is provided, GnuPG will look for xloadimage, eog, | |
192 | # or display (ImageMagick). On Mac OS X and Windows, the default is | |
193 | # to use your regular JPEG image viewer. | |
194 | # | |
195 | # Some other viewers: | |
196 | # photo-viewer "qiv %i" | |
197 | # photo-viewer "ee %i" | |
198 | # | |
199 | # This one saves a copy of the photo ID in your home directory: | |
200 | # photo-viewer "cat > ~/photoid-for-key-%k.%t" | |
201 | # | |
202 | # Use your MIME handler to view photos: | |
203 | # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" | |
204 | ||
205 | # Passphrase agent | |
206 | # | |
207 | # We support the old experimental passphrase agent protocol as well as | |
208 | # the new Assuan based one (currently available in the "newpg" package | |
209 | # at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent, | |
210 | # you have to run an agent as daemon and use the option | |
211 | # | |
1afdf944 | 212 | use-agent |
5b61754d MF |
213 | # |
214 | # which tries to use the agent but will fallback to the regular mode | |
215 | # if there is a problem connecting to the agent. The normal way to | |
216 | # locate the agent is by looking at the environment variable | |
217 | # GPG_AGENT_INFO which should have been set during gpg-agent startup. | |
218 | # In certain situations the use of this variable is not possible, thus | |
219 | # the option | |
220 | # | |
221 | # --gpg-agent-info=<path>:<pid>:1 | |
222 | # | |
223 | # may be used to override it. | |
224 | ||
225 | # Automatic key location | |
226 | # | |
227 | # GnuPG can automatically locate and retrieve keys as needed using the | |
228 | # auto-key-locate option. This happens when encrypting to an email | |
229 | # address (in the "user@example.com" form), and there are no | |
230 | # user@example.com keys on the local keyring. This option takes the | |
231 | # following arguments, in the order they are to be tried: | |
232 | # | |
233 | # cert = locate a key using DNS CERT, as specified in 2538bis | |
234 | # (currently in draft): http://www.josefsson.org/rfc2538bis/ | |
235 | # | |
236 | # pka = locate a key using DNS PKA. | |
237 | # | |
238 | # ldap = locate a key using the PGP Universal method of checking | |
239 | # "ldap://keys.(thedomain)". | |
240 | # | |
241 | # keyserver = locate a key using whatever keyserver is defined using | |
242 | # the keyserver option. | |
243 | # | |
244 | # You may also list arbitrary keyservers here by URL. | |
245 | # | |
246 | # Try CERT, then PKA, then LDAP, then hkp://subkeys.net: | |
247 | #auto-key-locate cert pka ldap hkp://subkeys.pgp.net | |
1afdf944 MF |
248 | |
249 | utf8-strings |