These first three lines are not copied to the options file in the users home directory. $Id$ # Options for GnuPG # Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc. # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # # This file is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # # Unless you you specify which option file to use (with the # commandline option "--options filename"), GnuPG uses the # file ~/.gnupg/options by default. # # An option file can contain all long options which are # available in GnuPG. If the first non white space character of # a line is a '#', this line is ignored. Empty lines are also # ignored. # # See the man page for a list of options. # Uncomment the next line to get rid of the copyright notice #no-greeting # If you have more than 1 secret key in your keyring, you may want # to uncomment the following option and set your preffered keyid #default-key 621CC013 # GnuPG ultimately trusts all keys in the secret keyring. If you do # not have all your secret keys online available you should use this # option to tell GnuPG about ultimately trusted keys. # You have to give the long keyID here which can be obtained by using # the --list-key command along with the option --with-colons; you will # get a line similiar to this one: # pub:u:1024:17:5DE249965B0358A2:1999-03-15:2006-02-04:59:f: # the 5th field is what you want. #trusted-key 12345678ABCDEF01 # If you do not pass a recipient to gpg, it will ask for one. # Using this option you can encrypt to a default key. key validation # will not be done in this case. # The second form uses the default key as default recipient. #default-recipient some-user-id #default-recipient-self # By default GnuPG creates version 3 signatures for data files. This # is not OpenPGP compliant but PGP 6 requires them. To disable it, # you may use this option or --openpgp. #no-force-v3-sigs # Because some mailers change lines starting with "From " to ">From " # it is good to handle such lines in a special way when creating # cleartext signatures; all other PGP versions do it this way too. # To enable full OpenPGP compliance you may want to use this option. #no-escape-from-lines # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell # GnuPG which is the native character set. Please check the man page # for supported character sets. This character set is only used for # Meta data and not for the actual message which does not undergo any # translation. Note that future version of GnuPG will change to UTF-8 # as default character set. #charset utf-8 # You may define aliases like this: # alias mynames -u 0x12345678 -u 0x456789ab -z 9 # everytime you use --mynames, it will be expanded to the options # in the above defintion. The name of the alias may not be abbreviated. # NOTE: This is not yet implemented # lock the file only once for the lifetime of a process. # if you do not define this, the lock will be obtained and released # every time it is needed - normally this is not needed. lock-once # If you have configured GnuPG without a random gatherer # (./configure --enable-static-rnd=none), you have to # uncomment _one_ of the following lines. These # extensions won't get used if you have a random gatherer # compiled in (which is the default for GNU and xxxBSD systems) #load-extension rndlinux #load-extension rndunix #load-extension rndegd # GnuPG can send and receive keys to and from a keyserver. These # servers can be HKP, email, or LDAP (if GnuPG is built with LDAP # support). # # Example HKP keyserver: # x-hkp://keyserver.cryptnet.net # # Example email keyserver: # mailto:pgp-public-keys@keys.nl.pgp.net # # Example LDAP keyserver: # ldap://keyserver.pgp.com # # Regular URL syntax applies, and you can set an alternate port # through the usual method: # x-hkp://keyserver.example.net:22742 # # If you have problems connecting to a HKP server through a buggy # http proxy, you can use this: # x-broken-hkp://keyserver.example.net # But first you should make sure that you have read the man page regarding # proxies (honor-http-proxy) # # Most users just set the name and type of their preferred keyserver. # Most servers do synchronize with each other and DNS round-robin may # give you a quasi-random server each time. #keyserver x-hkp://keyserver.cryptnet.net #keyserver mailto:pgp-public-keys@keys.nl.pgp.net #keyserver ldap://keyserver.pgp.com # Options for keyserver functions # # include-disabled = when searching, include keys marked as "disabled" # on the keyserver (not all keyservers support this). # # include-revoked = when searching, include keys marked as "revoked" # on the keyserver. # # verbose = show more information as the keys are fetched. # Can be used more than once to increase the amount # of information shown. # # use-temp-files = use temporary files instead of a pipe to talk to the # keyserver. Some platforms (Win32 for one) always # have this on. # # keep-temp-files = do not delete temporary files after using them # (really only useful for debugging) # # honor-http-proxy = if the keyserver uses http, honor the http_proxy # environment variable # # auto-key-retrieve = automatically fetch keys as needed from the # keyserver when verifying signatures or when importing # keys that have been revoked by a revocation key that # is not present on the keyring. #keyserver-options auto-key-retrieve include-disabled include-revoked # Uncomment this line to display photo user IDs in key listings #show-photos # Use this program to display photo user IDs # # %i is expanded to a temporary file that contains the photo. # %I is the same as %i, but the file isn't deleted afterwards by GnuPG. # %k is expanded to the key ID of the key. # %K is expanded to the long OpenPGP key ID of the key. # %t is expanded to the extension of the image (e.g. "jpg"). # %T is expanded to the MIME type of the image (e.g. "image/jpeg"). # %f is expanded to the fingerprint of the key. # %% is %, of course. # # If %i or %I are not present, then the photo is supplied to the # viewer on standard input. Standard input is the best way to do # this, as it avoids the time and effort in generating and then # cleaning up a secure temp file. # # The default program is "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin" # # Some other viewers: # photo-viewer "qiv %i" # photo-viewer "ee %i" # photo-viewer "display -title 'KeyID 0x%k'" # # This one saves a copy of the photo ID in your home directory: # photo-viewer "cat > ~/photoid-for-key-%k.%t" # # Use your MIME handler to view photos: # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" # Passphrase agent # # We support the old experimental passphrase agent protocol as well # as the new Assuan based one (currently available in the "newpg" package # at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent, you have # to run an agent as daemon and use the option # # use-agent # # which tries to use the agent but will fallback to the regular mode # if there is a problem connecting to the agent. The normal way to # locate the agent is by looking at the environment variable # GPG_AGENT_INFO which should have been set during gpg-agent startup. # In certain situations the use of this variable is not possible, thus # the option # # --gpg-agent-info=::1 # # may be used to override it.