]> git.wh0rd.org - home.git/blob - .gnupg/gpg.conf
import vapier
[home.git] / .gnupg / gpg.conf
1 # Options for GnuPG
2 # Copyright 1998, 1999, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
3 #
4 # This file is free software; as a special exception the author gives
5 # unlimited permission to copy and/or distribute it, with or without
6 # modifications, as long as this notice is preserved.
7 #
8 # This file is distributed in the hope that it will be useful, but
9 # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
10 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
11 #
12 # Unless you specify which option file to use (with the command line
13 # option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
14 # by default.
15 #
16 # An options file can contain any long options which are available in
17 # GnuPG. If the first non white space character of a line is a '#',
18 # this line is ignored. Empty lines are also ignored.
19 #
20 # See the man page for a list of options.
21
22 # Uncomment the following option to get rid of the copyright notice
23
24 no-greeting
25
26 # If you have more than 1 secret key in your keyring, you may want to
27 # uncomment the following option and set your preferred keyid.
28
29 #default-key E837F581
30
31 # If you do not pass a recipient to gpg, it will ask for one. Using
32 # this option you can encrypt to a default key. Key validation will
33 # not be done in this case. The second form uses the default key as
34 # default recipient.
35
36 #default-recipient some-user-id
37 #default-recipient-self
38
39 # Use --encrypt-to to add the specified key as a recipient to all
40 # messages. This is useful, for example, when sending mail through a
41 # mail client that does not automatically encrypt mail to your key.
42 # In the example, this option allows you to read your local copy of
43 # encrypted mail that you've sent to others.
44
45 #encrypt-to some-key-id
46
47 # By default GnuPG creates version 3 signatures for data files. This
48 # is not strictly OpenPGP compliant but PGP 6 and most versions of PGP
49 # 7 require them. To disable this behavior, you may use this option
50 # or --openpgp.
51
52 #no-force-v3-sigs
53
54 # Because some mailers change lines starting with "From " to ">From "
55 # it is good to handle such lines in a special way when creating
56 # cleartext signatures; all other PGP versions do it this way too.
57 # To enable full OpenPGP compliance you may want to use this option.
58
59 #no-escape-from-lines
60
61 # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
62 # GnuPG which is the native character set. Please check the man page
63 # for supported character sets. This character set is only used for
64 # metadata and not for the actual message which does not undergo any
65 # translation. Note that future version of GnuPG will change to UTF-8
66 # as default character set. In most cases this option is not required
67 # GnuPG is able to figure out the correct charset and use that.
68
69 #charset utf-8
70
71 # Group names may be defined like this:
72 # group mynames = paige 0x12345678 joe patti
73 #
74 # Any time "mynames" is a recipient (-r or --recipient), it will be
75 # expanded to the names "paige", "joe", and "patti", and the key ID
76 # "0x12345678". Note there is only one level of expansion - you
77 # cannot make an group that points to another group. Note also that
78 # if there are spaces in the recipient name, this will appear as two
79 # recipients. In these cases it is better to use the key ID.
80
81 #group mynames = paige 0x12345678 joe patti
82
83 # Lock the file only once for the lifetime of a process. If you do
84 # not define this, the lock will be obtained and released every time
85 # it is needed, which is usually preferable.
86
87 #lock-once
88
89 # GnuPG can send and receive keys to and from a keyserver. These
90 # servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
91 # support).
92 #
93 # Example HKP keyserver:
94 # hkp://subkeys.pgp.net
95 #
96 # Example email keyserver:
97 # mailto:pgp-public-keys@keys.pgp.net
98 #
99 # Example LDAP keyservers:
100 # ldap://keyserver.pgp.com
101 #
102 # Regular URL syntax applies, and you can set an alternate port
103 # through the usual method:
104 # hkp://keyserver.example.net:22742
105 #
106 # If you have problems connecting to a HKP server through a buggy http
107 # proxy, you can use keyserver option broken-http-proxy (see below),
108 # but first you should make sure that you have read the man page
109 # regarding proxies (keyserver option honor-http-proxy)
110 #
111 # Most users just set the name and type of their preferred keyserver.
112 # Note that most servers (with the notable exception of
113 # ldap://keyserver.pgp.com) synchronize changes with each other. Note
114 # also that a single server name may actually point to multiple
115 # servers via DNS round-robin. hkp://subkeys.pgp.net is an example of
116 # such a "server", which spreads the load over a number of physical
117 # servers.
118
119 keyserver hkp://subkeys.pgp.net
120 #keyserver hkp://wwwkeys.eu.pgp.net
121 #keyserver mailto:pgp-public-keys@keys.nl.pgp.net
122 #keyserver ldap://pgp.surfnet.nl:11370
123 #keyserver ldap://keyserver.pgp.com
124
125 # Common options for keyserver functions:
126 #
127 # include-disabled = when searching, include keys marked as "disabled"
128 # on the keyserver (not all keyservers support this).
129 #
130 # no-include-revoked = when searching, do not include keys marked as
131 # "revoked" on the keyserver.
132 #
133 # verbose = show more information as the keys are fetched.
134 # Can be used more than once to increase the amount
135 # of information shown.
136 #
137 # use-temp-files = use temporary files instead of a pipe to talk to the
138 # keyserver. Some platforms (Win32 for one) always
139 # have this on.
140 #
141 # keep-temp-files = do not delete temporary files after using them
142 # (really only useful for debugging)
143 #
144 # honor-http-proxy = if the keyserver uses HTTP, honor the http_proxy
145 # environment variable
146 #
147 # broken-http-proxy = try to work around a buggy HTTP proxy
148 #
149 # auto-key-retrieve = automatically fetch keys as needed from the keyserver
150 # when verifying signatures or when importing keys that
151 # have been revoked by a revocation key that is not
152 # present on the keyring.
153 #
154 # no-include-attributes = do not include attribute IDs (aka "photo IDs")
155 # when sending keys to the keyserver.
156
157 keyserver-options timeout=3
158 keyserver-options auto-key-retrieve
159 keyserver-options verbose
160 keyserver-options verbose
161 keyserver-options verbose
162
163 # Display photo user IDs in key listings
164
165 # list-options show-photos
166
167 # Display photo user IDs when a signature from a key with a photo is
168 # verified
169
170 # verify-options show-photos
171
172 # Use this program to display photo user IDs
173 #
174 # %i is expanded to a temporary file that contains the photo.
175 # %I is the same as %i, but the file isn't deleted afterwards by GnuPG.
176 # %k is expanded to the key ID of the key.
177 # %K is expanded to the long OpenPGP key ID of the key.
178 # %t is expanded to the extension of the image (e.g. "jpg").
179 # %T is expanded to the MIME type of the image (e.g. "image/jpeg").
180 # %f is expanded to the fingerprint of the key.
181 # %% is %, of course.
182 #
183 # If %i or %I are not present, then the photo is supplied to the
184 # viewer on standard input. If your platform supports it, standard
185 # input is the best way to do this as it avoids the time and effort in
186 # generating and then cleaning up a secure temp file.
187 #
188 # If no photo-viewer is provided, GnuPG will look for xloadimage, eog,
189 # or display (ImageMagick). On Mac OS X and Windows, the default is
190 # to use your regular JPEG image viewer.
191 #
192 # Some other viewers:
193 # photo-viewer "qiv %i"
194 # photo-viewer "ee %i"
195 #
196 # This one saves a copy of the photo ID in your home directory:
197 # photo-viewer "cat > ~/photoid-for-key-%k.%t"
198 #
199 # Use your MIME handler to view photos:
200 # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
201
202 # Passphrase agent
203 #
204 # We support the old experimental passphrase agent protocol as well as
205 # the new Assuan based one (currently available in the "newpg" package
206 # at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent,
207 # you have to run an agent as daemon and use the option
208 #
209 use-agent
210 #
211 # which tries to use the agent but will fallback to the regular mode
212 # if there is a problem connecting to the agent. The normal way to
213 # locate the agent is by looking at the environment variable
214 # GPG_AGENT_INFO which should have been set during gpg-agent startup.
215 # In certain situations the use of this variable is not possible, thus
216 # the option
217 #
218 # --gpg-agent-info=<path>:<pid>:1
219 #
220 # may be used to override it.
221
222 # Automatic key location
223 #
224 # GnuPG can automatically locate and retrieve keys as needed using the
225 # auto-key-locate option. This happens when encrypting to an email
226 # address (in the "user@example.com" form), and there are no
227 # user@example.com keys on the local keyring. This option takes the
228 # following arguments, in the order they are to be tried:
229 #
230 # cert = locate a key using DNS CERT, as specified in 2538bis
231 # (currently in draft): http://www.josefsson.org/rfc2538bis/
232 #
233 # pka = locate a key using DNS PKA.
234 #
235 # ldap = locate a key using the PGP Universal method of checking
236 # "ldap://keys.(thedomain)".
237 #
238 # keyserver = locate a key using whatever keyserver is defined using
239 # the keyserver option.
240 #
241 # You may also list arbitrary keyservers here by URL.
242 #
243 # Try CERT, then PKA, then LDAP, then hkp://subkeys.net:
244 #auto-key-locate cert pka ldap hkp://subkeys.pgp.net
245
246 utf8-strings