Useful GnuPG Options

There’s so many options!

Here are some useful options to add to your ~/.gnupg/gpg.conf:

keyid-format 0xlong

So, why? The first thing shows full key-IDs, including the 0x leading part. Using the full key-ID is very important these days, as someone has found collisions for the short-IDs of everyone in the “strong set” (see for more)

The throw-keyids documentation says, “Do not put the recipient key IDs into encrypted messages. This helps to hide the receivers of the message and is a limited countermeasure against traffic analysis.” Sounds good to me.

no-emit-version doesn’t burn which exact version you’re using into outgoing messages.

Update: an earlier version of this put a keyserver line in the gpg.conf file but it should go in ~/.gnupg/dirmngr.conf instead; thanks to those who pointed it out.

keyserver hkp://jirk5u4osbsr34t5.onion

This keyserver line uses an Onion-service as the keyserver (and gpg has built-in Tor support). It’s not using hkps because .onion domains are already end-to-end encrypted and secure.