|
63
|
1 # Options for GnuPG
|
|
|
2 # Copyright 1998, 1999, 2000, 2001, 2002, 2003,
|
|
|
3 # 2010 Free Software Foundation, Inc.
|
|
|
4 #
|
|
|
5 # This file is free software; as a special exception the author gives
|
|
|
6 # unlimited permission to copy and/or distribute it, with or without
|
|
|
7 # modifications, as long as this notice is preserved.
|
|
|
8 #
|
|
|
9 # This file is distributed in the hope that it will be useful, but
|
|
|
10 # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
|
|
11 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
12 #
|
|
|
13 # Unless you specify which option file to use (with the command line
|
|
|
14 # option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
|
|
|
15 # by default.
|
|
|
16 #
|
|
|
17 # An options file can contain any long options which are available in
|
|
|
18 # GnuPG. If the first non white space character of a line is a '#',
|
|
|
19 # this line is ignored. Empty lines are also ignored.
|
|
|
20 #
|
|
|
21 # See the man page for a list of options.
|
|
|
22
|
|
|
23 # Uncomment the following option to get rid of the copyright notice
|
|
|
24
|
|
|
25 #no-greeting
|
|
|
26
|
|
|
27 # If you have more than 1 secret key in your keyring, you may want to
|
|
|
28 # uncomment the following option and set your preferred keyid.
|
|
|
29
|
|
|
30 #default-key 621CC013
|
|
|
31
|
|
|
32 # If you do not pass a recipient to gpg, it will ask for one. Using
|
|
|
33 # this option you can encrypt to a default key. Key validation will
|
|
|
34 # not be done in this case. The second form uses the default key as
|
|
|
35 # default recipient.
|
|
|
36
|
|
|
37 #default-recipient some-user-id
|
|
|
38 #default-recipient-self
|
|
|
39
|
|
|
40 # By default GnuPG creates version 4 signatures for data files as
|
|
|
41 # specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP
|
|
|
42 # require the older version 3 signatures. Setting this option forces
|
|
|
43 # GnuPG to create version 3 signatures.
|
|
|
44
|
|
|
45 #force-v3-sigs
|
|
|
46
|
|
|
47 # Because some mailers change lines starting with "From " to ">From "
|
|
|
48 # it is good to handle such lines in a special way when creating
|
|
|
49 # cleartext signatures; all other PGP versions do it this way too.
|
|
|
50 # To enable full OpenPGP compliance you may want to use this option.
|
|
|
51
|
|
|
52 #no-escape-from-lines
|
|
|
53
|
|
|
54 # When verifying a signature made from a subkey, ensure that the cross
|
|
|
55 # certification "back signature" on the subkey is present and valid.
|
|
|
56 # This protects against a subtle attack against subkeys that can sign.
|
|
|
57 # Defaults to --no-require-cross-certification. However for new
|
|
|
58 # installations it should be enabled.
|
|
|
59
|
|
|
60 require-cross-certification
|
|
|
61
|
|
|
62
|
|
|
63 # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
|
|
|
64 # GnuPG which is the native character set. Please check the man page
|
|
|
65 # for supported character sets. This character set is only used for
|
|
|
66 # metadata and not for the actual message which does not undergo any
|
|
|
67 # translation. Note that future version of GnuPG will change to UTF-8
|
|
|
68 # as default character set.
|
|
|
69
|
|
|
70 #charset utf-8
|
|
|
71
|
|
|
72 # Group names may be defined like this:
|
|
|
73 # group mynames = paige 0x12345678 joe patti
|
|
|
74 #
|
|
|
75 # Any time "mynames" is a recipient (-r or --recipient), it will be
|
|
|
76 # expanded to the names "paige", "joe", and "patti", and the key ID
|
|
|
77 # "0x12345678". Note there is only one level of expansion - you
|
|
|
78 # cannot make an group that points to another group. Note also that
|
|
|
79 # if there are spaces in the recipient name, this will appear as two
|
|
|
80 # recipients. In these cases it is better to use the key ID.
|
|
|
81
|
|
|
82 #group mynames = paige 0x12345678 joe patti
|
|
|
83
|
|
|
84 # Some old Windows platforms require 8.3 filenames. If your system
|
|
|
85 # can handle long filenames, uncomment this.
|
|
|
86
|
|
|
87 #no-mangle-dos-filenames
|
|
|
88
|
|
|
89 # Lock the file only once for the lifetime of a process. If you do
|
|
|
90 # not define this, the lock will be obtained and released every time
|
|
|
91 # it is needed - normally this is not needed.
|
|
|
92
|
|
|
93 #lock-once
|
|
|
94
|
|
|
95 # GnuPG can send and receive keys to and from a keyserver. These
|
|
|
96 # servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
|
|
|
97 # support).
|
|
|
98 #
|
|
|
99 # Example HKP keyservers:
|
|
|
100 # hkp://keys.gnupg.net
|
|
|
101 #
|
|
|
102 # Example LDAP keyservers:
|
|
|
103 # ldap://pgp.surfnet.nl:11370
|
|
|
104 #
|
|
|
105 # Regular URL syntax applies, and you can set an alternate port
|
|
|
106 # through the usual method:
|
|
|
107 # hkp://keyserver.example.net:22742
|
|
|
108 #
|
|
|
109 # If you have problems connecting to a HKP server through a buggy http
|
|
|
110 # proxy, you can use keyserver option broken-http-proxy (see below),
|
|
|
111 # but first you should make sure that you have read the man page
|
|
|
112 # regarding proxies (keyserver option honor-http-proxy)
|
|
|
113 #
|
|
|
114 # Most users just set the name and type of their preferred keyserver.
|
|
|
115 # Note that most servers (with the notable exception of
|
|
|
116 # ldap://keyserver.pgp.com) synchronize changes with each other. Note
|
|
|
117 # also that a single server name may actually point to multiple
|
|
|
118 # servers via DNS round-robin. hkp://keys.gnupg.net is an example of
|
|
|
119 # such a "server", which spreads the load over a number of physical
|
|
|
120 # servers. To see the IP address of the server actually used, you may use
|
|
|
121 # the "--keyserver-options debug".
|
|
|
122
|
|
|
123 keyserver hkp://keys.gnupg.net
|
|
|
124 #keyserver http://http-keys.gnupg.net
|
|
|
125 #keyserver mailto:pgp-public-keys@keys.nl.pgp.net
|
|
|
126
|
|
|
127 # Common options for keyserver functions:
|
|
|
128 #
|
|
|
129 # include-disabled = when searching, include keys marked as "disabled"
|
|
|
130 # on the keyserver (not all keyservers support this).
|
|
|
131 #
|
|
|
132 # no-include-revoked = when searching, do not include keys marked as
|
|
|
133 # "revoked" on the keyserver.
|
|
|
134 #
|
|
|
135 # verbose = show more information as the keys are fetched.
|
|
|
136 # Can be used more than once to increase the amount
|
|
|
137 # of information shown.
|
|
|
138 #
|
|
|
139 # use-temp-files = use temporary files instead of a pipe to talk to the
|
|
|
140 # keyserver. Some platforms (Win32 for one) always
|
|
|
141 # have this on.
|
|
|
142 #
|
|
|
143 # keep-temp-files = do not delete temporary files after using them
|
|
|
144 # (really only useful for debugging)
|
|
|
145 #
|
|
|
146 # honor-http-proxy = if the keyserver uses HTTP, honor the http_proxy
|
|
|
147 # environment variable
|
|
|
148 #
|
|
|
149 # broken-http-proxy = try to work around a buggy HTTP proxy
|
|
|
150 #
|
|
|
151 # auto-key-retrieve = automatically fetch keys as needed from the keyserver
|
|
|
152 # when verifying signatures or when importing keys that
|
|
|
153 # have been revoked by a revocation key that is not
|
|
|
154 # present on the keyring.
|
|
|
155 #
|
|
|
156 # no-include-attributes = do not include attribute IDs (aka "photo IDs")
|
|
|
157 # when sending keys to the keyserver.
|
|
|
158
|
|
|
159 #keyserver-options auto-key-retrieve
|
|
|
160
|
|
|
161 # Uncomment this line to display photo user IDs in key listings and
|
|
|
162 # when a signature from a key with a photo is verified.
|
|
|
163
|
|
|
164 #show-photos
|
|
|
165
|
|
|
166 # Use this program to display photo user IDs
|
|
|
167 #
|
|
|
168 # %i is expanded to a temporary file that contains the photo.
|
|
|
169 # %I is the same as %i, but the file isn't deleted afterwards by GnuPG.
|
|
|
170 # %k is expanded to the key ID of the key.
|
|
|
171 # %K is expanded to the long OpenPGP key ID of the key.
|
|
|
172 # %t is expanded to the extension of the image (e.g. "jpg").
|
|
|
173 # %T is expanded to the MIME type of the image (e.g. "image/jpeg").
|
|
|
174 # %f is expanded to the fingerprint of the key.
|
|
|
175 # %% is %, of course.
|
|
|
176 #
|
|
|
177 # If %i or %I are not present, then the photo is supplied to the
|
|
|
178 # viewer on standard input. If your platform supports it, standard
|
|
|
179 # input is the best way to do this as it avoids the time and effort in
|
|
|
180 # generating and then cleaning up a secure temp file.
|
|
|
181 #
|
|
|
182 # The default program is "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin"
|
|
|
183 # On Mac OS X and Windows, the default is to use your regular JPEG image
|
|
|
184 # viewer.
|
|
|
185 #
|
|
|
186 # Some other viewers:
|
|
|
187 # photo-viewer "qiv %i"
|
|
|
188 # photo-viewer "ee %i"
|
|
|
189 # photo-viewer "display -title 'KeyID 0x%k'"
|
|
|
190 #
|
|
|
191 # This one saves a copy of the photo ID in your home directory:
|
|
|
192 # photo-viewer "cat > ~/photoid-for-key-%k.%t"
|
|
|
193 #
|
|
|
194 # Use your MIME handler to view photos:
|
|
|
195 # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
|
|
|
196
|
