mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-26 10:59:58 +01:00
ad2bfad4cc
for use with secret keys. * seckey-cert.c (do_check): Always calculate the old checksum for use after unprotection. * g10.c, options.skel: New option --no-escape-from. Made --escape-from and --force-v3-sigs the default and removed them from the options skeleton.
205 lines
7.6 KiB
Plaintext
205 lines
7.6 KiB
Plaintext
These first three lines are not copied to the options file in
|
|
the users home directory.
|
|
$Id$
|
|
# Options for GnuPG
|
|
# Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
|
|
#
|
|
# This file is free software; as a special exception the author gives
|
|
# unlimited permission to copy and/or distribute it, with or without
|
|
# modifications, as long as this notice is preserved.
|
|
#
|
|
# This file is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
|
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
#
|
|
# Unless you you specify which option file to use (with the
|
|
# commandline option "--options filename"), GnuPG uses the
|
|
# file ~/.gnupg/options by default.
|
|
#
|
|
# An option file can contain all long options which are
|
|
# available in GnuPG. If the first non white space character of
|
|
# a line is a '#', this line is ignored. Empty lines are also
|
|
# ignored.
|
|
#
|
|
# See the man page for a list of options.
|
|
|
|
# Uncomment the next line to get rid of the copyright notice
|
|
#no-greeting
|
|
|
|
# If you have more than 1 secret key in your keyring, you may want
|
|
# to uncomment the following option and set your preffered keyid
|
|
|
|
#default-key 621CC013
|
|
|
|
# GnuPG ultimately trusts all keys in the secret keyring. If you do
|
|
# not have all your secret keys online available you should use this
|
|
# option to tell GnuPG about ultimately trusted keys.
|
|
# You have to give the long keyID here which can be obtained by using
|
|
# the --list-key command along with the option --with-colons; you will
|
|
# get a line similiar to this one:
|
|
# pub:u:1024:17:5DE249965B0358A2:1999-03-15:2006-02-04:59:f:
|
|
# the 5th field is what you want.
|
|
|
|
#trusted-key 12345678ABCDEF01
|
|
|
|
|
|
# If you do not pass a recipient to gpg, it will ask for one.
|
|
# Using this option you can encrypt to a default key. key validation
|
|
# will not be done in this case.
|
|
# The second form uses the default key as default recipient.
|
|
|
|
#default-recipient some-user-id
|
|
#default-recipient-self
|
|
|
|
# By default GnuPG creates version 3 signatures for data files. This
|
|
# is not OpenPGP compliant but PGP 6 requires them. To disable it,
|
|
# you may use this option or --openpgp.
|
|
#no-force-v3-sigs
|
|
|
|
# Because some mailers change lines starting with "From " to ">From "
|
|
# it is good to handle such lines in a special way when creating
|
|
# cleartext signatures; all other PGP versions do it this way too.
|
|
# To enable full OpenPGP compliance you may want to use this option.
|
|
#no-escape-from-lines
|
|
|
|
# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
|
|
# GnuPG which is the native character set. Please check the man page
|
|
# for supported character sets. This character set is only used for
|
|
# Meta data and not for the actual message which does not undergo any
|
|
# translation. Note that future version of GnuPG will change to UTF-8
|
|
# as default character set.
|
|
#charset utf-8
|
|
|
|
|
|
# You may define aliases like this:
|
|
# alias mynames -u 0x12345678 -u 0x456789ab -z 9
|
|
# everytime you use --mynames, it will be expanded to the options
|
|
# in the above defintion. The name of the alias may not be abbreviated.
|
|
# NOTE: This is not yet implemented
|
|
|
|
# lock the file only once for the lifetime of a process.
|
|
# if you do not define this, the lock will be obtained and released
|
|
# every time it is needed - normally this is not needed.
|
|
lock-once
|
|
|
|
# If you have configured GnuPG without a random gatherer
|
|
# (./configure --enable-static-rnd=none), you have to
|
|
# uncomment _one_ of the following lines. These
|
|
# extensions won't get used if you have a random gatherer
|
|
# compiled in (which is the default for GNU and xxxBSD systems)
|
|
#load-extension rndlinux
|
|
#load-extension rndunix
|
|
#load-extension rndegd
|
|
|
|
# GnuPG can send and receive keys to and from a keyserver. These
|
|
# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
|
|
# support).
|
|
#
|
|
# Example HKP keyserver:
|
|
# x-hkp://keyserver.cryptnet.net
|
|
#
|
|
# Example email keyserver:
|
|
# mailto:pgp-public-keys@keys.nl.pgp.net
|
|
#
|
|
# Example LDAP keyserver:
|
|
# ldap://keyserver.pgp.com
|
|
#
|
|
# Regular URL syntax applies, and you can set an alternate port
|
|
# through the usual method:
|
|
# x-hkp://keyserver.example.net:22742
|
|
#
|
|
# If you have problems connecting to a HKP server through a buggy
|
|
# http proxy, you can use this:
|
|
# x-broken-hkp://keyserver.example.net
|
|
# But first you should make sure that you have read the man page regarding
|
|
# proxies (honor-http-proxy)
|
|
#
|
|
# Most users just set the name and type of their preferred keyserver.
|
|
# Most servers do synchronize with each other and DNS round-robin may
|
|
# give you a quasi-random server each time.
|
|
|
|
#keyserver x-hkp://keyserver.cryptnet.net
|
|
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
|
|
#keyserver ldap://keyserver.pgp.com
|
|
|
|
# Options for keyserver functions
|
|
#
|
|
# include-disabled = when searching, include keys marked as "disabled"
|
|
# on the keyserver (not all keyservers support this).
|
|
#
|
|
# include-revoked = when searching, include keys marked as "revoked"
|
|
# on the keyserver.
|
|
#
|
|
# verbose = show more information as the keys are fetched.
|
|
# Can be used more than once to increase the amount
|
|
# of information shown.
|
|
#
|
|
# use-temp-files = use temporary files instead of a pipe to talk to the
|
|
# keyserver. Some platforms (Win32 for one) always
|
|
# have this on.
|
|
#
|
|
# keep-temp-files = do not delete temporary files after using them
|
|
# (really only useful for debugging)
|
|
#
|
|
# honor-http-proxy = if the keyserver uses http, honor the http_proxy
|
|
# environment variable
|
|
#
|
|
# auto-key-retrieve = automatically fetch keys as needed from the
|
|
# keyserver when verifying signatures or when importing
|
|
# keys that have been revoked by a revocation key that
|
|
# is not present on the keyring.
|
|
|
|
#keyserver-options auto-key-retrieve include-disabled include-revoked
|
|
|
|
# Uncomment this line to display photo user IDs in key listings
|
|
#show-photos
|
|
|
|
# Use this program to display photo user IDs
|
|
#
|
|
# %i is expanded to a temporary file that contains the photo.
|
|
# %I is the same as %i, but the file isn't deleted afterwards by GnuPG.
|
|
# %k is expanded to the key ID of the key.
|
|
# %K is expanded to the long OpenPGP key ID of the key.
|
|
# %t is expanded to the type of image (e.g. "jpeg").
|
|
# %f is expanded to the fingerprint of the key.
|
|
# %% is %, of course.
|
|
#
|
|
# If %i or %I are not present, then the photo is supplied to the
|
|
# viewer on standard input. Standard input is the best way to do
|
|
# this, as it avoids the time and effort in generating and then
|
|
# cleaning up a secure temp file.
|
|
#
|
|
# The default program is "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin"
|
|
#
|
|
# Some other viewers:
|
|
# photo-viewer "qiv %i"
|
|
# photo-viewer "ee %i"
|
|
# photo-viewer "display -title 'KeyID 0x%k'"
|
|
#
|
|
# This one saves a copy of the photo ID in your home directory:
|
|
# photo-viewer "cat > ~/photoid-for-key-%k.jpg"
|
|
#
|
|
# Use your MIME handler to view photos:
|
|
# photo-viewer "metamail -q -d -b -c image/%t -s 'KeyID 0x%k' -f GnuPG"
|
|
|
|
|
|
# Passphrase agent
|
|
#
|
|
# We support the old experimental passphrase agent protocol as well
|
|
# as the new Assuan based one (currently available in the "newpg" package
|
|
# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent, you have
|
|
# to run an agent as daemon and use the option
|
|
#
|
|
# use-agent
|
|
#
|
|
# which tries to use the agent but will fallback to the regular mode
|
|
# if there is a problem connecting to the agent. The normal way to
|
|
# locate the agent is by looking at the environment variable
|
|
# GPG_AGENT_INFO which should have been set during gpg-agent startup.
|
|
# In certain situations the use of this variable is not possible, thus
|
|
# the option
|
|
#
|
|
# --gpg-agent-info=<path>:<pid>:1
|
|
#
|
|
# may be used to override it.
|