author | Mike Crute <mike@crute.us> | 2018-04-07 20:44:26 +0000 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2018-04-07 20:44:26 +0000 |
commit | 9d64a7b5aa947f51606dfdf163484a9e3a668ba5 (patch) | |
tree | e5fe926d849279aa6df42ee25a98efaf747f9920 /.gnupg | |
parent | 76f74ffbc96a098a00f90cc3ffb601a473db05e6 (diff) | |
Add GPG config file
Diffstat (limited to '.gnupg')
-rw-r--r-- | .gnupg/gpg.conf | 231 |
1 files changed, 231 insertions, 0 deletions
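diff --git a/.gnupg/gpg.conf b/.gnupg/gpg.conf
new file mode 100644
index 0000000..e6cb8ba
--- /dev/null
+++ b/.gnupg/gpg.conf
@@ -0,0 +1,231 @@
+# Unless you specify which option file to use (with the command line
+# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
+# by default.
+#
+# An options file can contain any long options which are available in
+# GnuPG. If the first non white space character of a line is a '#',
+# this line is ignored. Empty lines are also ignored.
+#
+# See the man page for a list of options.
+
+# Uncomment the following option to get rid of the copyright notice
+
+no-greeting
+
+# If you have more than 1 secret key in your keyring, you may want to
+# uncomment the following option and set your preferred keyid.
+
+#default-key XXXXXXXX
+
+# If you do not pass a recipient to gpg, it will ask for one. Using
+# this option you can encrypt to a default key. Key validation will
+# not be done in this case. The second form uses the default key as
+# default recipient.
+
+#default-recipient some-user-id
+#default-recipient-self
+
+# Use --encrypt-to to add the specified key as a recipient to all
+# messages. This is useful, for example, when sending mail through a
+# mail client that does not automatically encrypt mail to your key.
+# In the example, this option allows you to read your local copy of
+# encrypted mail that you've sent to others.
+
+#encrypt-to some-key-id
+
+# By default GnuPG creates version 4 signatures for data files as
+# specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP
+# require the older version 3 signatures. Setting this option forces
+# GnuPG to create version 3 signatures.
+
+#force-v3-sigs
+
+# Because some mailers change lines starting with "From " to ">From "
+# it is good to handle such lines in a special way when creating
+# cleartext signatures; all other PGP versions do it this way too.
+
+#no-escape-from-lines
+
+# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
+# GnuPG which is the native character set. Please check the man page
+# for supported character sets. This character set is only used for
+# metadata and not for the actual message which does not undergo any
+# translation. Note that future version of GnuPG will change to UTF-8
+# as default character set. In most cases this option is not required
+# as GnuPG is able to figure out the correct charset at runtime.
+
+charset utf-8
+
+# Group names may be defined like this:
+# group mynames = paige 0x12345678 joe patti
+#
+# Any time "mynames" is a recipient (-r or --recipient), it will be
+# expanded to the names "paige", "joe", and "patti", and the key ID
+# "0x12345678". Note there is only one level of expansion - you
+# cannot make an group that points to another group. Note also that
+# if there are spaces in the recipient name, this will appear as two
+# recipients. In these cases it is better to use the key ID.
+
+#group mynames = paige 0x12345678 joe patti
+
+# Lock the file only once for the lifetime of a process. If you do
+# not define this, the lock will be obtained and released every time
+# it is needed, which is usually preferable.
+
+#lock-once
+
+# GnuPG can send and receive keys to and from a keyserver. These
+# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
+# support).
+#
+# Example HKP keyserver:
+# hkp://keys.gnupg.net
+# hkp://subkeys.pgp.net
+#
+# Example email keyserver:
+# mailto:pgp-public-keys@keys.pgp.net
+#
+# Example LDAP keyservers:
+# ldap://keyserver.pgp.com
+#
+# Regular URL syntax applies, and you can set an alternate port
+# through the usual method:
+# hkp://keyserver.example.net:22742
+#
+# Most users just set the name and type of their preferred keyserver.
+# Note that most servers (with the notable exception of
+# ldap://keyserver.pgp.com) synchronize changes with each other. Note
+# also that a single server name may actually point to multiple
+# servers via DNS round-robin. hkp://keys.gnupg.net is an example of
+# such a "server", which spreads the load over a number of physical
+# servers. To see the IP address of the server actually used, you may use
+# the "--keyserver-options debug".
+
+keyserver hkp://keys.gnupg.net
+#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
+#keyserver ldap://keyserver.pgp.com
+
+# Common options for keyserver functions:
+#
+# include-disabled : when searching, include keys marked as "disabled"
+# on the keyserver (not all keyservers support this).
+#
+# no-include-revoked : when searching, do not include keys marked as
+# "revoked" on the keyserver.
+#
+# verbose : show more information as the keys are fetched.
+# Can be used more than once to increase the amount
+# of information shown.
+#
+# use-temp-files : use temporary files instead of a pipe to talk to the
+# keyserver. Some platforms (Win32 for one) always
+# have this on.
+#
+# keep-temp-files : do not delete temporary files after using them
+# (really only useful for debugging)
+#
+# http-proxy="proxy" : set the proxy to use for HTTP and HKP keyservers.
+# This overrides the "http_proxy" environment variable,
+# if any.
+#
+# auto-key-retrieve : automatically fetch keys as needed from the keyserver
+# when verifying signatures or when importing keys that
+# have been revoked by a revocation key that is not
+# present on the keyring.
+#
+# no-include-attributes : do not include attribute IDs (aka "photo IDs")
+# when sending keys to the keyserver.
+
+#keyserver-options auto-key-retrieve
+
+# Display photo user IDs in key listings
+
+# list-options show-photos
+
+# Display photo user IDs when a signature from a key with a photo is
+# verified
+
+# verify-options show-photos
+
+# Use this program to display photo user IDs
+#
+# %i is expanded to a temporary file that contains the photo.
+# %I is the same as %i, but the file isn't deleted afterwards by GnuPG.
+# %k is expanded to the key ID of the key.
+# %K is expanded to the long OpenPGP key ID of the key.
+# %t is expanded to the extension of the image (e.g. "jpg").
+# %T is expanded to the MIME type of the image (e.g. "image/jpeg").
+# %f is expanded to the fingerprint of the key.
+# %% is %, of course.
+#
+# If %i or %I are not present, then the photo is supplied to the
+# viewer on standard input. If your platform supports it, standard
+# input is the best way to do this as it avoids the time and effort in
+# generating and then cleaning up a secure temp file.
+#
+# If no photo-viewer is provided, GnuPG will look for xloadimage, eog,
+# or display (ImageMagick). On Mac OS X and Windows, the default is
+# to use your regular JPEG image viewer.
+#
+# Some other viewers:
+# photo-viewer "qiv %i"
+# photo-viewer "ee %i"
+#
+# This one saves a copy of the photo ID in your home directory:
+# photo-viewer "cat > ~/photoid-for-key-%k.%t"
+#
+# Use your MIME handler to view photos:
+# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
+
+# Passphrase agent
+#
+# We support the old experimental passphrase agent protocol as well as
+# the new Assuan based one (currently available in the "newpg" package
+# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent,
+# you have to run an agent as daemon and use the option
+#
+# For Ubuntu we now use-agent by default to support more automatic
+# use of GPG and S/MIME encryption by GUI programs. Depending on the
+# program, users may still have to manually decide to install gnupg-agent.
+
+use-agent
+
+# which tries to use the agent but will fallback to the regular mode
+# if there is a problem connecting to the agent. The normal way to
+# locate the agent is by looking at the environment variable
+# GPG_AGENT_INFO which should have been set during gpg-agent startup.
+# In certain situations the use of this variable is not possible, thus
+# the option
+#
+# --gpg-agent-info=<path>:<pid>:1
+#
+# may be used to override it.
+
+# Automatic key location
+#
+# GnuPG can automatically locate and retrieve keys as needed using the
+# auto-key-locate option. This happens when encrypting to an email
+# address (in the "user@example.com" form), and there are no
+# user@example.com keys on the local keyring. This option takes the
+# following arguments, in the order they are to be tried:
+#
+# cert = locate a key using DNS CERT, as specified in RFC-4398.
+# GnuPG can handle both the PGP (key) and IPGP (URL + fingerprint)
+# CERT methods.
+#
+# pka = locate a key using DNS PKA.
+#
+# ldap = locate a key using the PGP Universal method of checking
+# "ldap://keys.(thedomain)". For example, encrypting to
+# user@example.com will check ldap://keys.example.com.
+#
+# keyserver = locate a key using whatever keyserver is defined using
+# the keyserver option.
+#
+# You may also list arbitrary keyservers here by URL.
+#
+# Try CERT, then PKA, then LDAP, then hkp://subkeys.net:
+#auto-key-locate cert pka ldap hkp://subkeys.pgp.net
+
+# Always display long keys
+keyid-format long
+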
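Review bot: The one active network setting, `keyserver hkp://keys.gnupg.net` (new line 104), uses plain HKP, so every key search and fetch travels unencrypted and unauthenticated; an on-path observer sees which keys are requested, and responses can be altered before gpg reads them. If the chosen server offers TLS, prefer the `hkps` scheme, e.g. `keyserver hkps://<keyserver-host>`. In GnuPG 2.1 and later this option is deprecated in gpg.conf in favour of dirmngr.conf, so it is worth confirming which file the installed version honours. `keyid-format long` (new line 231) improves on short IDs, but a 64-bit key ID is still not a fingerprint; adding `with-fingerprint` keeps the full fingerprint visible when keys are compared. The file also sets no digest preferences, so `personal-digest-preferences SHA512 SHA256` and `cert-digest-algo SHA512` would make the hash choice explicit instead of leaving it to the installed version's defaults.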