1 # Configuration file for GnuPG.
3 # Thanks to [1] for some hints to generate more secure keys (read on
6 # [1]: https://we.riseup.net/riseuplabs+paow/openpgp-best-practices
8 # Copyright (C) 2009-2013 Simon Ruderich
10 # This file is free software: you can redistribute it and/or modify
11 # it under the terms of the GNU General Public License as published by
12 # the Free Software Foundation, either version 3 of the License, or
13 # (at your option) any later version.
15 # This file is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
20 # You should have received a copy of the GNU General Public License
21 # along with this file. If not, see <http://www.gnu.org/licenses/>.
26 # Don't display the copyright notice.
29 # Use long keyids because the short ones have collisions.
35 # Use more secure preferences. These are not enforced, but tried in the given
36 # order and the first supported by all recipients is used.
38 # Ciphers for encryption.
39 personal-cipher-preferences AES256 AES192 AES CAST5
40 # Don't use insecure hashes like SHA1 or MD5 and prefer stronger hashes.
41 personal-digest-preferences SHA512 SHA384 SHA256 SHA224
42 # Prefer better compression methods.
43 personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
45 # Default preferences when generating a new key. Use the three settings above
46 # combined to create more secure keys.
47 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
49 # Don't use SHA1 when signing keys, this includes self-certificates. This
50 # setting is separate from the settings above and needs to be explicitly set
51 # or SHA1 will be used! Thanks to [1].
52 cert-digest-algo SHA512
57 # Use the given keyserver.
58 keyserver hkp://pool.sks-keyservers.net
63 # Use my newest key as default key.
64 default-key 0x92FEFDB7E44C32F9