# ~/.gnupg/gpg.conf |  gpg (GnuPG) 2.5.13
#
# This gpg.conf is tuned for safety, for a small circle PGP adoption
# in your surroundings, and for comfort.
#
# When you verify a signature, it automatically fetches the
# corresponding public key, if missing, from recommended secure
# sources.  Which is a very useful feature (at least to me).
#
# Have fun and safe texting!


# Prefer more modern ciphers over older ones.
personal-cipher-preferences CAMELLIA256 AES256 TWOFISH CAMELLIA192 AES192 CAMELLIA128 AES BLOWFISH
# Prefer strong hashes
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160
# Prefer modern compression
personal-compress-preferences BZIP2 ZLIB ZIP
# Default preferences for new keys
default-preference-list SHA512 SHA384 SHA256 SHA224 RIPEMD160 CAMELLIA256 AES256 TWOFISH CAMELLIA192 AES192 CAMELLIA128 AES BLOWFISH BZIP2 ZLIB ZIP
# SHA512 as digest to sign keys
cert-digest-algo SHA512
# SHA512 as digest for symmetric operations
s2k-digest-algo SHA512
# CAMELLIA256 as cipher for symmetric operations
s2k-cipher-algo CAMELLIA256
# Enable more compression
compress-level 9
bzip2-compress-level 9
# Only run gpg if memory is secured
require-secmem
# Disable banner
no-greeting
# Verbose output
#verbose
# Long hexidecimal key format
keyid-format 0xlong
# Display all keys and their fingerprints in a nice readable format
#with-fingerprint
# Display ownertrust and trust signatures
list-options show-ownertrust show-trustsig
# Show more info on checking signatures
list-options show-policy-urls show-user-notations show-keyserver-urls show-sig-expire
# Show expired subkeys
#list-options show-unusable-subkeys
# Display key origins and updates (still is experimental)
#with-key-origin
# When signing keys, always ask for the cert level
ask-cert-level
# Do update trustdb when needed to
auto-check-trustdb
# Portugal is a peripheric country, with small number of people.
# Let's be moderate with my circle's PGP adoption.
marginals-needed 2
# Disable caching of passphrase for symmetrical operations
no-symkey-cache
# Disable recipient key ID in messages (useful to hide the others
# recipients of a given message)
#throw-keyids
# If you do not pass a recipient to gpg, it will ask for one.  Using
# this option you can encrypt to a default key.  Key validation will
# not be done in this case.  The second form uses the default key as
# default recipient.
#default-recipient some-user-id
default-recipient-self
# Default/trusted key ID to use (also helpful with throw-keyids)
default-key 0x964FC110C40AD575
#trusted-key 0x964FC110C40AD575
# Always encrypt to
#encrypt-to 0x964FC110C40AD575
# Group recipient keys (preferred ID last)
#group keygroup = 0xFF00000000000001 0xFF00000000000002 0xFF3E7D88647EBCDB
# Keyserver URL
#keyserver hkps://pgp.mit.edu
keyserver hkps://keyserver.ubuntu.com:443
#keyserver hkps://pgp.ocf.berkeley.edu
#keyserver hkps://hkps.pool.sks-keyservers.net
#keyserver hkps://keys.gnupg.net
# Proxy to use for keyservers
#keyserver-options http-proxy=http://127.0.0.1:8118
#keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
# WKD key discovery
auto-key-locate local,wkd,dane,cert
#auto-key-locate local,wkd,dane,cert,ldap,keyserver,hkps://keys.gnupg.net
# Retrieve automatically key from Internet when verifying signatures
# wkd if: --sender (is the default if --auto-key-locate has "wkd")
# keyserver if: --sig-keyserver-url
# keyserver if: --keyserver is configured (as it is above)
auto-key-retrieve
# When verifying signatures, automatically import embedded key (if
# --include-key-block was used)
auto-key-import