gpg.conf (9200B)
# Options for GnuPG
# Copyright 1998, 1999, 2000, 2001, 2002, 2003,
#           2010 Free Software Foundation, Inc.
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Unless you specify which option file to use (with the command line
# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
# by default.
#
# An options file can contain any long options which are available in
# GnuPG. If the first non white space character of a line is a '#',
# this line is ignored. Empty lines are also ignored.
#
# See the man page for a list of options.

# Uncomment the following option to get rid of the copyright notice

no-greeting

# If you have more than 1 secret key in your keyring, you may want to
# uncomment the following option and set your preferred keyid.

default-key CBE8A8FE

# If you do not pass a recipient to gpg, it will ask for one. Using
# this option you can encrypt to a default key. Key validation will
# not be done in this case. The second form uses the default key as
# default recipient.

#default-recipient some-user-id
default-recipient-self

# Use --encrypt-to to add the specified key as a recipient to all
# messages. This is useful, for example, when sending mail through a
# mail client that does not automatically encrypt mail to your key.
# In the example, this option allows you to read your local copy of
# encrypted mail that you've sent to others.

#encrypt-to some-key-id

# By default GnuPG creates version 4 signatures for data files as
# specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP
# require the older version 3 signatures. Setting this option forces
# GnuPG to create version 3 signatures.

#force-v3-sigs

# Because some mailers change lines starting with "From " to ">From "
# it is good to handle such lines in a special way when creating
# cleartext signatures; all other PGP versions do it this way too.

#no-escape-from-lines

# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
# GnuPG which is the native character set. Please check the man page
# for supported character sets. This character set is only used for
# metadata and not for the actual message which does not undergo any
# translation. Note that future versions of GnuPG will change to UTF-8
# as default character set. In most cases this option is not required
# as GnuPG is able to figure out the correct charset at runtime.

charset utf-8

# Group names may be defined like this:
#   group mynames = paige 0x12345678 joe patti
#
# Any time "mynames" is a recipient (-r or --recipient), it will be
# expanded to the names "paige", "joe", and "patti", and the key ID
# "0x12345678". Note there is only one level of expansion - you
# cannot make a group that points to another group. Note also that
# if there are spaces in the recipient name, this will appear as two
# recipients. In these cases it is better to use the key ID.

#group mynames = paige 0x12345678 joe patti

# Lock the file only once for the lifetime of a process. If you do
# not define this, the lock will be obtained and released every time
# it is needed, which is usually preferable.

#lock-once

# GnuPG can send and receive keys to and from a keyserver. These
# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
# support).
#
# Example HKP keyserver:
#      hkp://keys.gnupg.net
#      hkp://subkeys.pgp.net
#
# Example email keyserver:
#      mailto:pgp-public-keys@keys.pgp.net
#
# Example LDAP keyservers:
#      ldap://keyserver.pgp.com
#
# Regular URL syntax applies, and you can set an alternate port
# through the usual method:
#      hkp://keyserver.example.net:22742
#
# Most users just set the name and type of their preferred keyserver.
# Note that most servers (with the notable exception of
# ldap://keyserver.pgp.com) synchronize changes with each other. Note
# also that a single server name may actually point to multiple
# servers via DNS round-robin. hkp://keys.gnupg.net is an example of
# such a "server", which spreads the load over a number of physical
# servers. To see the IP address of the server actually used, you may use
# the "--keyserver-options debug".

keyserver hkp://keys.gnupg.net
#keyserver pgp.mit.edu
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
#keyserver ldap://keyserver.pgp.com

# Common options for keyserver functions:
#
# include-disabled : when searching, include keys marked as "disabled"
#                    on the keyserver (not all keyservers support this).
#
# no-include-revoked : when searching, do not include keys marked as
#                      "revoked" on the keyserver.
#
# verbose : show more information as the keys are fetched.
#           Can be used more than once to increase the amount
#           of information shown.
#
# use-temp-files : use temporary files instead of a pipe to talk to the
#                  keyserver. Some platforms (Win32 for one) always
#                  have this on.
#
# keep-temp-files : do not delete temporary files after using them
#                   (really only useful for debugging)
#
# http-proxy="proxy" : set the proxy to use for HTTP and HKP keyservers.
#                      This overrides the "http_proxy" environment variable,
#                      if any.
#
# auto-key-retrieve : automatically fetch keys as needed from the keyserver
#                     when verifying signatures or when importing keys that
#                     have been revoked by a revocation key that is not
#                     present on the keyring.
#
# no-include-attributes : do not include attribute IDs (aka "photo IDs")
#                         when sending keys to the keyserver.

#keyserver-options auto-key-retrieve

# Display photo user IDs in key listings

# list-options show-photos

# Display photo user IDs when a signature from a key with a photo is
# verified

# verify-options show-photos

# Use this program to display photo user IDs
#
# %i is expanded to a temporary file that contains the photo.
# %I is the same as %i, but the file isn't deleted afterwards by GnuPG.
# %k is expanded to the key ID of the key.
# %K is expanded to the long OpenPGP key ID of the key.
# %t is expanded to the extension of the image (e.g. "jpg").
# %T is expanded to the MIME type of the image (e.g. "image/jpeg").
# %f is expanded to the fingerprint of the key.
# %% is %, of course.
#
# If %i or %I are not present, then the photo is supplied to the
# viewer on standard input. If your platform supports it, standard
# input is the best way to do this as it avoids the time and effort in
# generating and then cleaning up a secure temp file.
#
# If no photo-viewer is provided, GnuPG will look for xloadimage, eog,
# or display (ImageMagick). On Mac OS X and Windows, the default is
# to use your regular JPEG image viewer.
#
# Some other viewers:
# photo-viewer "qiv %i"
# photo-viewer "ee %i"
#
# This one saves a copy of the photo ID in your home directory:
# photo-viewer "cat > ~/photoid-for-key-%k.%t"
#
# Use your MIME handler to view photos:
# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"

# Passphrase agent
#
# We support the old experimental passphrase agent protocol as well as
# the new Assuan based one (currently available in the "newpg" package
# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent,
# you have to run an agent as daemon and use the option
#
use-agent
#
# which tries to use the agent but will fall back to the regular mode
# if there is a problem connecting to the agent. The normal way to
# locate the agent is by looking at the environment variable
# GPG_AGENT_INFO which should have been set during gpg-agent startup.
# In certain situations the use of this variable is not possible, thus
# the option
#
#   --gpg-agent-info=<path>:<pid>:1
#
# may be used to override it.

# Automatic key location
#
# GnuPG can automatically locate and retrieve keys as needed using the
# auto-key-locate option. This happens when encrypting to an email
# address (in the "user@example.com" form), and there are no
# user@example.com keys on the local keyring. This option takes the
# following arguments, in the order they are to be tried:
#
# cert = locate a key using DNS CERT, as specified in RFC-4398.
#        GnuPG can handle both the PGP (key) and IPGP (URL + fingerprint)
#        CERT methods.
#
# pka = locate a key using DNS PKA.
#
# ldap = locate a key using the PGP Universal method of checking
#        "ldap://keys.(thedomain)". For example, encrypting to
#        user@example.com will check ldap://keys.example.com.
#
# keyserver = locate a key using whatever keyserver is defined using
#             the keyserver option.
#
# You may also list arbitrary keyservers here by URL.
#
# Try CERT, then PKA, then LDAP, then hkp://subkeys.pgp.net:
#auto-key-locate cert pka ldap hkp://subkeys.pgp.net