path: root/gnupg
diff options
authorTom Ryder <tom@sanctum.geek.nz>2013-11-04 17:33:22 +1300
committerTom Ryder <tom@sanctum.geek.nz>2013-11-04 17:33:22 +1300
commit6af478dd526d9ec1edbc3fd4d4f9a68d67acf13a (patch)
tree95b2bc4ba4acee52d9af10501f0b20f9e284ef4d /gnupg
parentBash 2.0 compatible syntax; type -P is new (diff)
Add commentary to the cryptic GnuPG conf file
Diffstat (limited to 'gnupg')
1 files changed, 34 insertions, 0 deletions
diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
index 2173f954..aa63f256 100644
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf
@@ -1,16 +1,50 @@
+# Prevent boilerplate about needing key decryption, which is handled by the
+# agent; occasionally this needs to be overriden with --no-batch. I like my
+# programs to be as quiet as possible unless I specifically ask them otherwise
+# Use SHA512 as the hash when making key signatures
cert-digest-algo SHA512
+# Specify the hash algorithms to be used for new keys as available
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+# In the absence of any other recipient, encrypt messages for myself
+# Show complete dates and use proper column separation for --with-colon listing mode
+# Use 16-character key IDs as the default 8-character key IDs can be forged
keyid-format 0xlong
+# Use a pool of servers which support HKPS (encrypted key retrieval)
keyserver hkps://hkps.pool.sks-keyservers.net
+# Retrieve keys automatically; check the keyserver port cert; use whichever
+# server is proffered from the pool
keyserver-options auto-key-retrieve check-cert no-honor-keyserver-url
+# Include trust/validity for UIDs in listings
list-options show-uid-validity
+# Suppress the copyright message
+# Use SHA512 as my message digest, overriding GnuPG's efforts to use the lowest
+# common denominator in hashing algorithms
personal-digest-preferences SHA512
+# Suppress a lot of output; sometimes I add --verbose to undo this
+# Use the GPG agent for key management and decryption
+# Include trust/validity for UIDs when verifying signatures
verify-options show-uid-validity
+# Assume "yes" is the answer to most questions, that is, don't keep asking me
+# to confirm something I've asked to be done