These options are used to change the configuration and are usually found in the option file.
--default-key name
--default-recipient name
--default-recipient-self
--no-default-recipient
-v, --verbose
--no-verbose
-q, --quiet
--batch
--no-batch
--no-tty
--yes
--no
--list-options parameters
--verify-options parameters
--enable-dsa2
--disable-dsa2
--photo-viewer string
The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
STDIN". Note that if your image viewer program is not secure, then
executing it from GnuPG does not make it secure.
--exec-path string
--keyring file
Add file to the current list of keyrings. If file begins
with a tilde and a slash, these are replaced by the $HOME directory. If
the filename does not contain a slash, it is assumed to be in the GnuPG
home directory ("~/.gnupg" if --homedir or $GNUPGHOME is not
used).
Note that this adds a keyring to the current list. If the intent is to
use the specified keyring alone, use --keyring along with
--no-default-keyring.
--secret-keyring file
--primary-keyring file
Use file as the primary public keyring. This means that
newly imported keys (via --import or keyserver
--recv-from) will go to this keyring.
--trustdb-name file
Use file instead of the default trustdb. If file begins
with a tilde and a slash, these are replaced by the $HOME directory. If
the filename does not contain a slash, it is assumed to be in the GnuPG
home directory (~/.gnupg if --homedir or $GNUPGHOME is
not used).
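The filename rules given for --keyring and --trustdb-name can be applied to an option file to see which files it actually selects. This is an added example, not GnuPG code; the function names, the sample option file and the sample environment are constructed, and treating paths outside the home directory as worth review is this example's own policy.

```python
import os

def gnupg_home(homedir=None, env=None):
    """--homedir wins, then $GNUPGHOME, otherwise ~/.gnupg."""
    env = os.environ if env is None else env
    return homedir or env.get("GNUPGHOME") or os.path.join(env["HOME"], ".gnupg")

def resolve(name, homedir=None, env=None):
    """Apply the two filename rules to a --keyring or --trustdb-name value."""
    env = os.environ if env is None else env
    if name.startswith("~/"):                  # tilde and slash -> $HOME
        return os.path.join(env["HOME"], name[2:])
    if "/" not in name:                        # bare name -> GnuPG home directory
        return os.path.join(gnupg_home(homedir, env), name)
    return name                                # anything else is used as written

def audit_keyrings(conf_text, homedir=None, env=None):
    """Summarise which keyring and trustdb files an option file selects."""
    home = os.path.normpath(gnupg_home(homedir, env))
    report = {"keyrings": [], "trustdb": None,
              "default_keyring": True, "outside_home": []}
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):   # blank line or comment
            continue
        opt = parts[0].lstrip("-")             # option files omit the leading dashes
        arg = parts[1].strip() if len(parts) > 1 else ""
        if opt == "no-default-keyring":
            report["default_keyring"] = False
        elif opt in ("keyring", "trustdb-name") and arg:
            path = os.path.normpath(resolve(arg, homedir, env))
            if opt == "keyring":
                report["keyrings"].append(path)
            else:
                report["trustdb"] = path
            if not path.startswith(home + os.sep):  # not under the home directory
                report["outside_home"].append(path)
    return report

SAMPLE_CONF = """\
# constructed sample option file
no-default-keyring
keyring team.gpg
keyring ~/shared/vendor.gpg
keyring /srv/keys/release.gpg
trustdb-name audit-trustdb.gpg
"""
SAMPLE_ENV = {"HOME": "/home/alice"}           # constructed environment

if __name__ == "__main__":
    for key, value in audit_keyrings(SAMPLE_CONF, env=SAMPLE_ENV).items():
        print(key, value)
```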
--homedir dir
--display-charset name
name
are:
--utf8-strings
--no-utf8-strings
--options file
Read options from file and do not try to read them from the
default options file in the homedir (see --homedir). This
option is ignored if used in an options file.
--no-options
-z n
--compress-level n
--bzip2-compress-level n
Set the compression level to n for the ZIP and ZLIB compression
algorithms. The default is to use the default compression level of zlib
(normally 6). --bzip2-compress-level sets the compression level
for the BZIP2 compression algorithm (defaulting to 6 as well). This is a
different option from --compress-level since BZIP2 uses a
significant amount of memory for each additional compression level.
-z sets both. A value of 0 for n disables compression.
--bzip2-decompress-lowmem
--mangle-dos-filenames
--no-mangle-dos-filenames
--ask-cert-level
--no-ask-cert-level
--default-cert-level n
0 means you make no particular claim as to how carefully you verified the key.
1 means you believe the key is owned by the person who claims to own it but you could not, or did not verify the key at all. This is useful for a "persona" verification, where you sign the key of a pseudonymous user.
2 means you did casual verification of the key. For example, this could mean that you verified the key fingerprint and checked the user ID on the key against a photo ID.
3 means you did extensive verification of the key. For example, this could mean that you verified the key fingerprint with the owner of the key in person, and that you checked, by means of a hard to forge document with a photo ID (such as a passport) that the name of the key owner matches the name in the user ID on the key, and finally that you verified (by exchange of email) that the email address on the key belongs to the key owner.
Note that the examples given above for levels 2 and 3 are just that: examples. In the end, it is up to you to decide just what "casual" and "extensive" mean to you.
This option defaults to 0 (no particular claim).
--min-cert-level
--trusted-key long key ID
--trust-model pgp|classic|direct|always|auto
--auto-key-locate parameters
--no-auto-key-locate
local
is also used.
--keyid-format short|0xshort|long|0xlong
--keyserver name
Use name as your keyserver. This is the server that
--recv-keys, --send-keys, and --search-keys
will communicate with to receive keys from, send keys to, and search for
keys on. The format of the name is a URI:
`scheme:[//]keyservername[:port]'. The scheme is the type of keyserver:
"hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP
keyservers, or "mailto" for the Graff email keyserver. Note that your
particular installation of GnuPG may have other keyserver types
available as well. Keyserver schemes are case-insensitive. After the
keyserver name, optional keyserver configuration options may be
provided. These are the same as the global --keyserver-options
from below, but apply only to this particular keyserver.
Most keyservers synchronize with each other, so there is generally no
need to send keys to more than one server. The keyserver
hkp://keys.gnupg.net uses round robin DNS to give a different
keyserver each time you use it.
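A parser for the `scheme:[//]keyservername[:port]` form described above, useful for checking keyserver entries before they reach a configuration file. This is an added example, not GnuPG's own parser; it assumes the per-keyserver options that follow the name are separated by whitespace, and the host names, port numbers and option name in the samples are constructed.

```python
import re

KNOWN_SCHEMES = {"hkp", "ldap", "mailto"}      # the three schemes named in the text
_URI = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):(?://)?([^\s:/]+)(?::(\d+))?$")

def parse_keyserver(value):
    """Parse a --keyserver argument: a URI, then optional per-server options."""
    tokens = value.split()
    if not tokens:
        raise ValueError("empty keyserver value")
    match = _URI.match(tokens[0])
    if not match:
        raise ValueError("not scheme:[//]keyservername[:port]: %r" % tokens[0])
    scheme = match.group(1).lower()            # schemes are case-insensitive
    host, port = match.group(2), match.group(3)
    if port is not None and not 1 <= int(port) <= 65535:
        raise ValueError("port out of range: %s" % port)
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port) if port else None,
        # False is not an error: an installation may support other schemes
        "known_scheme": scheme in KNOWN_SCHEMES,
        "options": tokens[1:],
    }

def check_keyservers(values):
    """Return (value, parsed dict or error string) for each candidate entry."""
    results = []
    for value in values:
        try:
            results.append((value, parse_keyserver(value)))
        except ValueError as exc:
            results.append((value, str(exc)))
    return results

SAMPLES = [                                    # constructed sample entries
    "hkp://keys.gnupg.net",
    "HKP:keys.gnupg.net:11371",
    "ldap://keys.example.org opt-a",           # opt-a is a placeholder option name
    "keys.gnupg.net",                          # no scheme: rejected
    "hkp://keys.example.org:99999",            # port out of range: rejected
]

if __name__ == "__main__":
    for value, outcome in check_keyservers(SAMPLES):
        print(value, "->", outcome)
```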
--keyserver-options name=value1
Note that this option makes a "web bug" like behavior possible.
Keyserver operators can see which keys you request, so by sending you
a message signed by a brand new key (which you naturally will not have
on your local keyring), the operator can tell both your IP address and
the time when you verified the signature.
value
--completes-needed n
--marginals-needed n
--max-cert-depth n
--simple-sk-checksum
--no-sig-cache
--no-sig-create-check
--auto-check-trustdb
--no-auto-check-trustdb
--use-agent
--no-use-agent
--gpg-agent-info
--lock-once
--lock-multiple
--lock-never
--exit-on-status-write-error
--limit-card-insert-tries n
With n greater than 0 the number of prompts asking to insert a
smartcard gets limited to N-1. Thus with a value of 1 gpg won't at
all ask to insert a card if none has been inserted at startup. This
option is useful in the configuration file in case an application does
not know about the smartcard support and waits ad infinitum for an
inserted card.
--no-random-seed-file
--no-greeting
--no-secmem-warning
--no-permission-warning
Note that the warning for unsafe --homedir permissions cannot be
suppressed in the gpg.conf file, as this would allow an attacker to
place an unsafe gpg.conf file in place, and use this file to suppress
warnings about itself. The --homedir permissions warning may only be
suppressed on the command line.
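Because a writable home directory lets someone else supply the gpg.conf, the directory and the option file can be checked independently of gpg's own warning. This is an added example, not GnuPG's permission check; the function names and the exact conditions treated as unsafe are this example's assumptions.

```python
import os
import stat

def unsafe_reasons(path, uid=None):
    """List the reasons a path should not be trusted as GnuPG home or option file."""
    uid = os.getuid() if uid is None else uid
    st = os.lstat(path)                        # lstat: do not follow a symlink
    reasons = []
    if stat.S_ISLNK(st.st_mode):
        reasons.append("is a symlink")
    if st.st_uid != uid:
        reasons.append("not owned by the current user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append("writable by group or others")
    if stat.S_ISDIR(st.st_mode) and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        reasons.append("directory accessible by group or others")
    return reasons

def audit_homedir(homedir, conf_name="gpg.conf"):
    """Return {path: [findings]} for the home directory and its option file."""
    findings = {}
    conf = os.path.join(homedir, conf_name)
    for path in (homedir, conf):
        if os.path.lexists(path):
            reasons = unsafe_reasons(path)
            if reasons:
                findings[path] = reasons
    if os.path.isfile(conf):
        with open(conf, encoding="utf-8", errors="replace") as handle:
            for line in handle:
                words = line.split()
                # Option files carry the option name without the leading dashes.
                if words and words[0].lstrip("-") == "no-permission-warning":
                    findings.setdefault(conf, []).append(
                        "sets no-permission-warning (does not silence "
                        "the homedir warning from here)")
    return findings

if __name__ == "__main__":
    home = os.environ.get("GNUPGHOME") or os.path.expanduser("~/.gnupg")
    if os.path.isdir(home):
        for path, reasons in audit_homedir(home).items():
            print(path, reasons)
```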
--no-mdc-warning
--require-secmem
--no-require-secmem
--require-cross-certification
--no-require-cross-certification
--expert
--no-expert