Dotfiles from time before I knew the word dotfiles, but the name has stuck.


  1. # Options for GnuPG
  2. # Copyright 1998, 1999, 2000, 2001, 2002, 2003,
  3. # 2010 Free Software Foundation, Inc.
  4. # 2012 - 2018 Mikaela Suomalainen
  5. # This file is free software; as a special exception the author gives
  6. # unlimited permission to copy and/or distribute it, with or without
  7. # modifications, as long as this notice is preserved.
  8. #
  9. # This file is distributed in the hope that it will be useful, but
  10. # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  11. # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  12. #
  13. # Unless you specify which option file to use (with the command line
  14. # option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
  15. # by default.
  16. #
  17. # An options file can contain any long options which are available in
  18. # GnuPG. If the first non white space character of a line is a '#',
  19. # this line is ignored. Empty lines are also ignored.
  20. #
  21. # See the man page for a list of options.
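  22. # Use my key by default. trusted-key gives it ultimate trust even if the
  23. # private key is not present, and default-recipient-self is not enough for
  24. # gpg --encrypt -r (it only applies when no recipient is given). If re-enabled, prefer the full fingerprint over a 64-bit key ID for trusted-key where the installed gpg accepts one, since whatever key matches gets ultimate trust.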
  25. #local-user 0x99392F62BAE30723 # MIKAELA_GREP # MIKAELA_GREP_GPG
  26. #trusted-key 0x99392F62BAE30723 # MIKAELA_GREP # MIKAELA_GREP_GPG
  27. #encrypt-to 0x99392F62BAE30723 # MIKAELA_GREP # MIKAELA_GREP_GPG
  28. # WTOP
  29. #local-user 0xDC189FE6FA9BD685 # MIKAELA_GREP # MIKAELA_GREP_GPG
  30. #trusted-key 0xDC189FE6FA9BD685 # MIKAELA_GREP # MIKAELA_GREP_GPG
  31. #encrypt-to 0xDC189FE6FA9BD685 # MIKAELA_GREP # MIKAELA_GREP_GPG
  32. # Ignore the preferred-keyserver URL embedded in a key (honoring it lets the key's creator see when the key is refreshed) and also import non-self-sigs
  33. keyserver-options no-honor-keyserver-url,no-self-sigs-only
  34. # The defaults are apparently self-sigs-only,import-clean starting from
  35. # gpg 2.2.17, but there seem to be controversial views on them and I need
  36. # some not-self-sigs with `--fetch-keys`. NOTE(review): self-sigs-only was introduced to blunt keys flooded with bogus third-party signatures; turning it off accepts that risk again for these imports.
  37. # Debian uses self-sigs-only (while I would be fine with import-clean)
  38. # * https://dev.gnupg.org/T4628#128513
  39. # Arch Linux reverts the change going by no-self-sigs-only,no-import-clean
  40. # * https://bugs.archlinux.org/task/63147
  41. # Automatically find keys: auto-key-locate looks in the local keyring, then WKD, then DANE when encrypting to an email address with no matching key; auto-key-retrieve fetches missing keys while verifying signatures. NOTE(review): auto-key-retrieve lets the keyserver or WKD operator see which key was looked up, from which address and when.
  42. auto-key-retrieve
  43. auto-key-locate local,wkd,dane
  44. # When no recipient is given, encrypt to my own default key
  45. default-recipient-self
  46. # Use UTF-8 charset. NOTE(review): charset looks like the older name of display-charset, so these two lines presumably set the same thing - confirm against the gpg man page
  47. charset UTF-8
  48. display-charset utf-8
  49. # Use gpg-agent to avoid retyping the passphrase very often. GnuPG 2.x always uses the agent and treats this option as a no-op; it only matters for GnuPG 1.4.
  50. use-agent
  51. # Write ASCII-armored output by default instead of binary
  52. armor
  53. # Show long (64-bit) key IDs with a 0x prefix marking them as hexadecimal, and add the fingerprint, WKD hash and keygrip to key listings. Key IDs are short enough to collide, so compare the full fingerprint when identifying a key.
  54. keyid-format 0xLONG
  55. with-fingerprint
  56. with-wkd-hash
  57. with-keygrip
  58. # I refuse to state on GPG's weird scale how well I have verified a key, as
  59. # I appear to disagree with the official meanings of levels 1-3, so never ask and always use level 0 (no particular claim).
  60. # If I sign a key, I have verified it to the best of my ability. Also
  61. # apparently it doesn't have much meaning anyway https://debian-administration.org/users/dkg/weblog/98
  62. no-ask-cert-level
  63. default-cert-level 0
  64. # Count also the persona (level 1) signatures for WoT if someone has those; GnuPG's default of 2 would disregard them. Level 1 means the signer did not verify the key at all, so this loosens what counts towards validity.
  65. min-cert-level 1
  66. # Ask for an expiry time when certifying a key, with two years as the configured default.
  67. ask-cert-expire
  68. default-cert-expire 2y
  69. # Copying https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#update-your-gpg-defaults
  70. # when outputting certificates, view user IDs distinctly from keys (obsolete since GnuPG 2.0.10, where this mode is always on; harmless to keep):
  71. fixed-list-mode
  72. # When verifying a signature, show the calculated validity of each user ID, so it is visible at a glance which user IDs gpg considers legitimately bound to the key:
  73. verify-options show-uid-validity
  74. # In key listings, display the calculated validity of each user ID, which
  75. # keyring a key comes from and when signatures expire
  76. list-options show-uid-validity,show-keyring,show-sig-expire
  77. # Do not put comment lines into ASCII-armored output
  78. no-comments
  79. # Don't output the version line in armored output, which also avoids disclosing the GnuPG version; small chance of having people put the same keys on IPFS (presumably: identical exports then share one address - confirm)
  80. no-emit-version
  81. # Trust On First Use (marginal trust) combined with WoT being full trust. I find this
  82. # less annoying in KMail than only WoT or the policy described below, and I think it
  83. # may be additional motivation for me to actually sign the keys I trust, with
  84. # all keyservers hiding signatures and gpg not importing them.
  85. # I think `keybase pgp pull` also helps here as the people I am tracking
  86. # there are going to be in my keyring, however it's still a centralized
  87. # service. NOTE(review): tofu-default-policy is set to unknown further down, so as configured TOFU adds conflict detection but no marginal trust.
  88. trust-model tofu+pgp
  89. # Default TOFU policy "unknown": WoT with TOFU's conflict detection, but without TOFU granting positive trust on its own. This may
  90. # be better due to https://gitea.blesmrt.net/mikaela/pgp-alt-wot/ and lsign.
  91. tofu-default-policy unknown