################################################################################ # Hardened GPG Configuration (gpg.conf) by Jonathan Cross - 2019 # https://github.com/jonathancross/jc-docs/blob/master/pgp/gpg.conf # Note: this file only lists overrides where needed and omits many options. # Get rid of the copyright notice no-greeting # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell # GnuPG which is the native character set. Please check the man page # for supported character sets. This character set is only used for # metadata and not for the actual message which does not undergo any # translation. Note that future version of GnuPG will change to UTF-8 # as default character set. charset utf-8 # SIGNATURES AND HASHES # message digest algorithm used when signing a key cert-digest-algo SHA512 # This preference list is used for new keys and becomes the default for # "setpref" in the edit menu default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed # Turn up the compression level and prefer BZIP2 over ZIP and ZLIB. bzip2-compress-level 9 compress-level 9 personal-compress-preferences BZIP2 ZIP ZLIB # Prefer more modern ciphers over older ones. personal-cipher-preferences AES256 TWOFISH AES192 BLOWFISH AES CAST5 # Prefer strong hashes whenever possible. personal-digest-preferences SHA512 SHA384 SHA256 SHA224 # When verifying a signature made from a subkey, ensure that the cross # certification "back signature" on the subkey is present and valid. # This protects against a subtle attack against subkeys that can sign. # Defaults to --no-require-cross-certification. However for new # installations it should be enabled. require-cross-certification # Don't include a version number or a comment in my output. no-emit-version no-comments # Always include signatures from these two certificates. # local-user [YOUR KEY HERE] # Display long key IDs keyid-format 0xlong # List all keys (or the specified ones) along with their fingerprints with-fingerprint # Show policy url notation list-options show-policy-url show-user-notations show-sig-expire list-options show-uid-validity # If you do not pass a recipient to gpg, it will ask for one. Using # this option you can encrypt to a default key. Key validation will # not be done in this case. The second form uses the default key as # default recipient. #default-recipient some-user-id default-recipient-self # KEYSERVER OPTIONS keyserver-options auto-key-retrieve keyserver-options no-honor-keyserver-url auto-key-locate keyserver hkps://keys.openpgp.org keyserver hkps://keys.openpgp.org