# GnuPG Options # (OpenPGP-Configuration-Options) # Assume that command line arguments are given as UTF8 strings. utf8-strings # ### (OpenPGP-Esoteric-Options) # ============================================ # # Use name as the message digest algorithm used when signing a key. Running the # program with the command --version yields a list of supported algorithms. Be # aware that if you choose an algorithm that GnuPG supports but other OpenPGP # implementations do not, then some users will not be able to use the key # signatures you make, or quite possibly your entire key. # # SHA-1 is the only algorithm specified for OpenPGP V4. By changing the # cert-digest-algo, the OpenPGP V4 specification is not met but with even # GnuPG 1.4.10 (release 2009) supporting SHA-2 algorithm, this should be safe. # Source: https://tools.ietf.org/html/rfc4880#section-12.2 cert-digest-algo SHA512 digest-algo SHA256 # digest-algo SHA512 stronger # Selects how passphrases for symmetric encryption are mangled. 3 (the default) # iterates the whole process a number of times (see --s2k-count). s2k-mode 3 # ### (OpenPGP-Protocol-Options) # ============================================ # # Use name as the cipher algorithm for symmetric encryption with a passphrase # if --personal-cipher-preferences and --cipher-algo are not given. The # default is AES-128. s2k-cipher-algo AES256 # Use name as the digest algorithm used to mangle the passphrases for symmetric # encryption. The default is SHA-1. s2k-digest-algo SHA512 # Specify how many times the passphrases mangling for symmetric encryption is # repeated. This value may range between 1024 and 65011712 inclusive. The # default is inquired from gpg-agent. Note that not all values in the # 1024-65011712 range are legal and if an illegal value is selected, GnuPG will # round up to the nearest legal value. This option is only meaningful if # --s2k-mode is set to the default of 3. s2k-count 1015808 #s2k-count 65011712 # Set the list of personal digest/cipher/compression preferences. This allows # the user to safely override the algorithm chosen by the recipient key # preferences, as GPG will only select an algorithm that is usable by all # recipients. personal-digest-preferences SHA512 SHA384 SHA256 SHA224 # personal-digest-preferences SHA512 #stronger personal-cipher-preferences AES256 AES192 AES CAST5 CAMELLIA192 BLOWFISH TWOFISH CAMELLIA128 3DES #personal-cipher-preferences AES256 #stronger personal-compress-preferences ZLIB BZIP2 ZIP # Set the list of default preferences to string. This preference list is used # for new keys and becomes the default for "setpref" in the edit menu. default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed # default-preference-list SHA512 SHA384 SHA256 RIPEMD160 AES256 TWOFISH BLOWFISH ZLIB BZIP2 ZIP Uncompressed # Stronger?Weaker? # ### GnuPG View Options # ============================================ # # Select how to display key IDs. "long" is the more accurate (but less # convenient) 16-character key ID. Add an "0x" to include an "0x" at the # beginning of the key ID. keyid-format 0xlong # List all keys with their fingerprints. This is the same output as --list-keys # but with the additional output of a line with the fingerprint. If this # command is given twice, the fingerprints of all secondary keys are listed too. with-fingerprint # ### Sources: # https://blog.tinned-software.net/create-gnupg-key-with-sub-keys-to-sign-encrypt-authenticate/ # https://blog.eleven-labs.com/en/openpgp-almost-perfect-key-pair-part-1/ # Other # Avoid information leaked no-emit-version no-comments export-options export-minimal # Displays the validity of the keys list-options show-uid-validity verify-options show-uid-validity # Limits the algorithms used cipher-algo AES256 compress-algo ZLIB disable-cipher-algo 3DES weak-digest SHA1