gnupg/.gnupg/gpg.conf

#                           .d8888b. 88d888b. .d8888b.
#                           88'  `88 88'  `88 88'  `88
#                           88.  .88 88.  .88 88.  .88
# ╔════════════════════════ `8888P88 88Y888P' `8888P88 ════════════════════════╗
# ║:::::::::::::::::::::::::......88 88 ....::......88 ::::::::::::::::::::::::║
# ║::::::::::::::::::::::::::d8888P .dP :::::::d8888P  ::::::::::::::::::::::::║
# ║::::::::::::::::::::::::::......::..::::::::......::::::::::::::::::::::::::║
# ╠════════════════════════════════════════════════════════════════════════════╣
# ║     file │ ~/.gnupg/gpg.conf                                               ║
# ║     desc │ OpenPGP encryption and signing tool                             ║
# ║   author │ bardisty <b@bah.im>                                             ║
# ║   source │ https://github.com/bardisty/dotfiles                            ║
# ║ modified │ Thu Sep 01 2016 17:30:02 PDT -0700                              ║
# ╚════════════════════════════════════════════════════════════════════════════╝


# Use stronger algorithms
# https://wiki.archlinux.org/index.php/GnuPG#Different_algorithm
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
personal-cipher-preferences TWOFISH CAMELLIA256 AES 3DES
personal-digest-preferences SHA512

# Display long key IDs
keyid-format 0xlong

# Include revoked keys when searching with `--search-keys`
keyserver-options include-revoked

# Ensure keys are refreshed through selected keyserver
# https://help.riseup.net/en/security/message-security/openpgp/best-practices#ensure-that-all-keys-are-refreshed-through-the-keyserver-you-have-selected
keyserver-options no-honor-keyserver-url

# Display the calculated validity of user IDs during key listings
list-options show-uid-validity

# Remove all comments in clear text signatures and ASCII armored messages
no-comments

# Do not include the version string in ASCII armored output
no-emit-version

# When verifying a signature made from a subkey, ensure that the cross
# certification "back signature" on the subkey is present and valid
#     * Protects against a subtle attack against subkeys that can sign
require-cross-certification

# Tell GnuPG to use gpg-agent(1)
#     * Obsolete with gpg2(1); gpg2 always requires the agent
#     * See `~/.xinitrc` for rest of gpg-agent config
use-agent

# Display the calculated validity of the user IDs on the key that issued the
# signature
verify-options show-uid-validity

# List keys along with their fingerprints
with-fingerprint