+# Use long keyids because the short ones have collisions.
+keyid-format 0xlong
+
+
+# KEY GENERATION
+
+# Use stronger preferences. These are not enforced, but tried in the given
+# order and the first supported by all recipients is used.
+#
+# Ciphers for encryption.
+personal-cipher-preferences AES256 AES192 AES CAST5
+# Don't use insecure hashes like SHA1 or MD5 and prefer stronger hashes.
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+# Prefer better compression methods.
+personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
+
+# Default preferences when generating a new key. Use the three settings above
+# combined to create stronger keys.
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
+
+# Don't use SHA1 when signing keys, this includes self-certificates. This
+# setting is separate from the settings above and needs to be explicitly set
+# or SHA1 will be used! Thanks to [1].
+cert-digest-algo SHA512
+
+
+# KEYSERVERS