]>
Commit | Line | Data |
---|---|---|
5b61754d MF |
1 | # Options for GnuPG |
2 | # Copyright 1998, 1999, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. | |
3 | # | |
4 | # This file is free software; as a special exception the author gives | |
5 | # unlimited permission to copy and/or distribute it, with or without | |
6 | # modifications, as long as this notice is preserved. | |
7 | # | |
8 | # This file is distributed in the hope that it will be useful, but | |
9 | # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the | |
10 | # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
11 | # | |
12 | # Unless you specify which option file to use (with the command line | |
13 | # option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf | |
14 | # by default. | |
15 | # | |
16 | # An options file can contain any long options which are available in | |
17 | # GnuPG. If the first non white space character of a line is a '#', | |
18 | # this line is ignored. Empty lines are also ignored. | |
19 | # | |
20 | # See the man page for a list of options. | |
21 | ||
22 | # Uncomment the following option to get rid of the copyright notice | |
23 | ||
1afdf944 | 24 | no-greeting |
5b61754d MF |
25 | |
26 | # If you have more than 1 secret key in your keyring, you may want to | |
27 | # uncomment the following option and set your preferred keyid. | |
28 | ||
8afc0714 | 29 | default-key B902B5271325F892AC251AD441633B9FE837F581 |
5b61754d MF |
30 | |
31 | # If you do not pass a recipient to gpg, it will ask for one. Using | |
32 | # this option you can encrypt to a default key. Key validation will | |
33 | # not be done in this case. The second form uses the default key as | |
34 | # default recipient. | |
35 | ||
36 | #default-recipient some-user-id | |
37 | #default-recipient-self | |
38 | ||
39 | # Use --encrypt-to to add the specified key as a recipient to all | |
40 | # messages. This is useful, for example, when sending mail through a | |
41 | # mail client that does not automatically encrypt mail to your key. | |
42 | # In the example, this option allows you to read your local copy of | |
43 | # encrypted mail that you've sent to others. | |
44 | ||
45 | #encrypt-to some-key-id | |
46 | ||
47 | # By default GnuPG creates version 3 signatures for data files. This | |
48 | # is not strictly OpenPGP compliant but PGP 6 and most versions of PGP | |
49 | # 7 require them. To disable this behavior, you may use this option | |
50 | # or --openpgp. | |
51 | ||
52 | #no-force-v3-sigs | |
53 | ||
54 | # Because some mailers change lines starting with "From " to ">From " | |
55 | # it is good to handle such lines in a special way when creating | |
56 | # cleartext signatures; all other PGP versions do it this way too. | |
57 | # To enable full OpenPGP compliance you may want to use this option. | |
58 | ||
59 | #no-escape-from-lines | |
60 | ||
61 | # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell | |
62 | # GnuPG which is the native character set. Please check the man page | |
63 | # for supported character sets. This character set is only used for | |
64 | # metadata and not for the actual message which does not undergo any | |
65 | # translation. Note that future version of GnuPG will change to UTF-8 | |
66 | # as default character set. In most cases this option is not required | |
67 | # GnuPG is able to figure out the correct charset and use that. | |
68 | ||
69 | #charset utf-8 | |
70 | ||
71 | # Group names may be defined like this: | |
72 | # group mynames = paige 0x12345678 joe patti | |
73 | # | |
74 | # Any time "mynames" is a recipient (-r or --recipient), it will be | |
75 | # expanded to the names "paige", "joe", and "patti", and the key ID | |
76 | # "0x12345678". Note there is only one level of expansion - you | |
77 | # cannot make an group that points to another group. Note also that | |
78 | # if there are spaces in the recipient name, this will appear as two | |
79 | # recipients. In these cases it is better to use the key ID. | |
80 | ||
81 | #group mynames = paige 0x12345678 joe patti | |
82 | ||
83 | # Lock the file only once for the lifetime of a process. If you do | |
84 | # not define this, the lock will be obtained and released every time | |
85 | # it is needed, which is usually preferable. | |
86 | ||
87 | #lock-once | |
88 | ||
89 | # GnuPG can send and receive keys to and from a keyserver. These | |
90 | # servers can be HKP, email, or LDAP (if GnuPG is built with LDAP | |
91 | # support). | |
92 | # | |
93 | # Example HKP keyserver: | |
94 | # hkp://subkeys.pgp.net | |
95 | # | |
96 | # Example email keyserver: | |
97 | # mailto:pgp-public-keys@keys.pgp.net | |
98 | # | |
99 | # Example LDAP keyservers: | |
100 | # ldap://keyserver.pgp.com | |
101 | # | |
102 | # Regular URL syntax applies, and you can set an alternate port | |
103 | # through the usual method: | |
104 | # hkp://keyserver.example.net:22742 | |
105 | # | |
106 | # If you have problems connecting to a HKP server through a buggy http | |
107 | # proxy, you can use keyserver option broken-http-proxy (see below), | |
108 | # but first you should make sure that you have read the man page | |
109 | # regarding proxies (keyserver option honor-http-proxy) | |
110 | # | |
111 | # Most users just set the name and type of their preferred keyserver. | |
112 | # Note that most servers (with the notable exception of | |
113 | # ldap://keyserver.pgp.com) synchronize changes with each other. Note | |
114 | # also that a single server name may actually point to multiple | |
115 | # servers via DNS round-robin. hkp://subkeys.pgp.net is an example of | |
116 | # such a "server", which spreads the load over a number of physical | |
117 | # servers. | |
118 | ||
8afc0714 MF |
119 | #keyserver hkp://subkeys.pgp.net |
120 | keyserver hkp://pgp.mit.edu | |
121 | #keyserver http://keys.gnupg.net | |
1afdf944 | 122 | #keyserver hkp://wwwkeys.eu.pgp.net |
5b61754d | 123 | #keyserver mailto:pgp-public-keys@keys.nl.pgp.net |
1afdf944 | 124 | #keyserver ldap://pgp.surfnet.nl:11370 |
5b61754d MF |
125 | #keyserver ldap://keyserver.pgp.com |
126 | ||
127 | # Common options for keyserver functions: | |
128 | # | |
129 | # include-disabled = when searching, include keys marked as "disabled" | |
130 | # on the keyserver (not all keyservers support this). | |
131 | # | |
132 | # no-include-revoked = when searching, do not include keys marked as | |
133 | # "revoked" on the keyserver. | |
134 | # | |
135 | # verbose = show more information as the keys are fetched. | |
136 | # Can be used more than once to increase the amount | |
137 | # of information shown. | |
138 | # | |
139 | # use-temp-files = use temporary files instead of a pipe to talk to the | |
140 | # keyserver. Some platforms (Win32 for one) always | |
141 | # have this on. | |
142 | # | |
143 | # keep-temp-files = do not delete temporary files after using them | |
144 | # (really only useful for debugging) | |
145 | # | |
146 | # honor-http-proxy = if the keyserver uses HTTP, honor the http_proxy | |
147 | # environment variable | |
148 | # | |
149 | # broken-http-proxy = try to work around a buggy HTTP proxy | |
150 | # | |
151 | # auto-key-retrieve = automatically fetch keys as needed from the keyserver | |
152 | # when verifying signatures or when importing keys that | |
153 | # have been revoked by a revocation key that is not | |
154 | # present on the keyring. | |
155 | # | |
156 | # no-include-attributes = do not include attribute IDs (aka "photo IDs") | |
157 | # when sending keys to the keyserver. | |
158 | ||
1afdf944 MF |
159 | keyserver-options timeout=3 |
160 | keyserver-options auto-key-retrieve | |
8afc0714 MF |
161 | #keyserver-options verbose |
162 | #keyserver-options verbose | |
163 | #keyserver-options verbose | |
5b61754d MF |
164 | |
165 | # Display photo user IDs in key listings | |
166 | ||
167 | # list-options show-photos | |
168 | ||
169 | # Display photo user IDs when a signature from a key with a photo is | |
170 | # verified | |
171 | ||
172 | # verify-options show-photos | |
173 | ||
174 | # Use this program to display photo user IDs | |
175 | # | |
176 | # %i is expanded to a temporary file that contains the photo. | |
177 | # %I is the same as %i, but the file isn't deleted afterwards by GnuPG. | |
178 | # %k is expanded to the key ID of the key. | |
179 | # %K is expanded to the long OpenPGP key ID of the key. | |
180 | # %t is expanded to the extension of the image (e.g. "jpg"). | |
181 | # %T is expanded to the MIME type of the image (e.g. "image/jpeg"). | |
182 | # %f is expanded to the fingerprint of the key. | |
183 | # %% is %, of course. | |
184 | # | |
185 | # If %i or %I are not present, then the photo is supplied to the | |
186 | # viewer on standard input. If your platform supports it, standard | |
187 | # input is the best way to do this as it avoids the time and effort in | |
188 | # generating and then cleaning up a secure temp file. | |
189 | # | |
190 | # If no photo-viewer is provided, GnuPG will look for xloadimage, eog, | |
191 | # or display (ImageMagick). On Mac OS X and Windows, the default is | |
192 | # to use your regular JPEG image viewer. | |
193 | # | |
194 | # Some other viewers: | |
195 | # photo-viewer "qiv %i" | |
196 | # photo-viewer "ee %i" | |
197 | # | |
198 | # This one saves a copy of the photo ID in your home directory: | |
199 | # photo-viewer "cat > ~/photoid-for-key-%k.%t" | |
200 | # | |
201 | # Use your MIME handler to view photos: | |
202 | # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" | |
203 | ||
204 | # Passphrase agent | |
205 | # | |
206 | # We support the old experimental passphrase agent protocol as well as | |
207 | # the new Assuan based one (currently available in the "newpg" package | |
208 | # at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent, | |
209 | # you have to run an agent as daemon and use the option | |
210 | # | |
1afdf944 | 211 | use-agent |
5b61754d MF |
212 | # |
213 | # which tries to use the agent but will fallback to the regular mode | |
214 | # if there is a problem connecting to the agent. The normal way to | |
215 | # locate the agent is by looking at the environment variable | |
216 | # GPG_AGENT_INFO which should have been set during gpg-agent startup. | |
217 | # In certain situations the use of this variable is not possible, thus | |
218 | # the option | |
219 | # | |
220 | # --gpg-agent-info=<path>:<pid>:1 | |
221 | # | |
222 | # may be used to override it. | |
223 | ||
224 | # Automatic key location | |
225 | # | |
226 | # GnuPG can automatically locate and retrieve keys as needed using the | |
227 | # auto-key-locate option. This happens when encrypting to an email | |
228 | # address (in the "user@example.com" form), and there are no | |
229 | # user@example.com keys on the local keyring. This option takes the | |
230 | # following arguments, in the order they are to be tried: | |
231 | # | |
232 | # cert = locate a key using DNS CERT, as specified in 2538bis | |
233 | # (currently in draft): http://www.josefsson.org/rfc2538bis/ | |
234 | # | |
235 | # pka = locate a key using DNS PKA. | |
236 | # | |
237 | # ldap = locate a key using the PGP Universal method of checking | |
238 | # "ldap://keys.(thedomain)". | |
239 | # | |
240 | # keyserver = locate a key using whatever keyserver is defined using | |
241 | # the keyserver option. | |
242 | # | |
243 | # You may also list arbitrary keyservers here by URL. | |
244 | # | |
245 | # Try CERT, then PKA, then LDAP, then hkp://subkeys.net: | |
246 | #auto-key-locate cert pka ldap hkp://subkeys.pgp.net | |
1afdf944 MF |
247 | |
248 | utf8-strings |