PGP uses a configuration database that is stored in the file
"config.txt"; please see the manual for complete details.
Blank lines and lines beginning with "#" are comments.
Options take string, numeric, or boolean values. The
boolean values are "on" and "off".
These options can also be specified on the command line,
using a syntax such as
+armor=on. Keywords can be abbreviated to unique prefixes. Keywords are not
case-sensitive. "=on" is assumed for boolean options if nothing
is specified. Some highlights:
MYNAME - Default User ID for
Default setting: MYNAME = ""
The configuration parameter MYNAME specifies the default user ID to
use to select the secret key for making signatures. If MYNAME is not
defined, the most recent secret key you installed on your secret key
ring is used. The user may also override this setting by
specifying a user ID on the PGP command line with the
TEXTMODE - Assuming Plaintext is a
Default setting: TEXTMODE = off
The configuration parameter TEXTMODE is equivalent to the
-t command line option. If enabled, it causes PGP to assume the plaintext
is a text file, not a binary file, and converts it to "canonical text"
before encrypting it. Canonical text has a carriage return and a
linefeed at the end of each line of text.
This mode is automatically turned off if PGP detects that the plaintext
file contains 8-bit binary data. Thus, it is safe to leave enabled at
ARMOR - Enable ASCII Armor Output
Default setting: ARMOR = off
The configuration parameter ARMOR is equivalent to the
-a command line option. If enabled, it causes PGP to emit ciphertext or
keys in ASCII Radix-64 format suitable for transporting through E-mail
channels. Output files are named with the ".asc" extension.
If you tend to use PGP mostly for E-mail, it may be a good idea to
enable this parameter.
ARMORLINES - Size of ASCII Armor Multipart Files
Default setting: ARMORLINES = 720
For large ASCII armor files, PGP splits them into files named
".asc1", ".asc2", ".asc3", etc. so as not to
choke mailers, which typically starts to happen around 50,000
bytes. This specifies the number of (64-byte) lines to place in
each file. If set to 0, PGP will not split ASCII armor files.
CLEARSIG - Enable Clear-Signed Output
Default setting: CLEARSIG = on
Normally, a signed and ASCII-armored PGP message is gibberish,
even though the text is not encrypted. This prevents munging
by mailers, but means PGP is required simply to read the message.
If CLEARSIG is enabled, then when signing and ASCII-armoring a text
file, PGP uses a different format that includes the plaintext in
human-readable form. Lines beginning with "-" are quoted with "- ".
To cope with some of the stupider mailers in the world, lines beginning
with "From" are also quoted, and trailing whitespace on lines is
stripped. PGP will remove the quoting if you use it to decrypt the
message, but the trailing whitespace is not recovered. This is still
useful enough to be enabled by default.
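The quoting rules above, as an added example (not PGP's own code; the function names and the sample text are constructed for illustration). It round-trips a short message and reports which lines come back different, which is the trailing-whitespace loss described above.

```python
# Added example (not PGP's own code): CLEARSIG line quoting as described on this page.
def quote_line(line):
    """Quote one plaintext line for the human-readable signed format."""
    line = line.rstrip(" \t")                  # trailing whitespace is stripped
    if line.startswith(("-", "From")):         # both prefixes get the "- " quote
        return "- " + line
    return line


def unquote_line(line):
    """Undo the quoting, as PGP does when it processes the message."""
    return line[2:] if line.startswith("- ") else line


def clearsign_body(text):
    return "\n".join(quote_line(l) for l in text.split("\n"))


def recover_body(quoted):
    return "\n".join(unquote_line(l) for l in quoted.split("\n"))


def changed_lines(text):
    """1-based numbers of lines that differ after a quote/unquote round trip."""
    recovered = recover_body(clearsign_body(text)).split("\n")
    return [n for n, (a, b) in enumerate(zip(text.split("\n"), recovered), 1) if a != b]


# Constructed sample: trailing spaces on lines 1 and 2, quoting needed on lines 2-4.
SAMPLE = "Total: 42  \n-- \nFrom now on, see below\n- first item\nplain line"

if __name__ == "__main__":
    print(clearsign_body(SAMPLE))
    print("not recovered:", changed_lines(SAMPLE))
```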
ENCRYPTTOSELF - Add MYNAME to Recipients List
Default setting: ENCRYPTTOSELF = off
If this is enabled, MYNAME will be implicitly added to the list of
recipients for any message you encrypt with a public key. Since in
this case, MYNAME is looked up in the public keyring, it is important
that it unambiguously specify the right key.
LANGUAGE - Language To Use
Default setting: LANGUAGE = en
If you want to use a different language, and translations are in the
language.txt file, setting this option will cause PGP's messages to
appear in a different language. If a translation for a message is
not available, it appears in English.
If you look at the supplied language.txt file, the format should
CHARSET - Character Set
Default setting: CHARSET = noconv
PGP tries to translate all text-mode messages into the ISO Latin-1
alphabet, or the KOI-8 alphabet for Cyrillic alphabets. This
setting indicates the native character set, so PGP can do the
translation. Options are noconv, latin1 or koi8, indicating that
no translation should be done; cp850, indicating that IBM PC code
page 850 mappings should be used; ascii, indicating that a minimal
ASCII subset should be used; and alt_codes, indicating that the
IBM PC alt codes should be used for the Cyrillic alphabet.
KEEPBINARY - Preserve Intermediate .pgp File
Default setting: KEEPBINARY = off
If KEEPBINARY is enabled, then PGP will produce a .pgp file in addition
to a .asc file when ASCII armor is enabled.
TMP - Temporary file directory
Default setting: TMP = ""
PGP produces temporary files while decrypting a message.
This is the directory they are stored in. If not specified in the config
file, the environment variable TMP is used, or the current directory.
It helps security somewhat if this is not a publicly-readable directory.
A local file system is also a good idea.
COMPRESS - Compress Plaintext Before Encrypting
Default setting: COMPRESS = on
PGP usually compresses the plaintext before encrypting it, so it will
have less to encrypt and the file you send will be smaller. It also
makes cryptanalysis harder. This is usually only turned off for
PAGER - Select Shell Command to Display Pager Output
Default setting: PAGER = ""
If set, PGP uses this program to view files when the
-m option is specified. By default, PGP uses a simple builtin pager.
SHOWPASS - Echo Pass Phrase During Entry
Default setting: SHOWPASS = off
If someone is unable to type a long pass phrase reliably without seeing it,
this can be turned on, at the cost of security.
INTERACTIVE - Prompt Before Adding Each Key
Default setting: INTERACTIVE = off
By default, when given a file containing new keys, PGP asks if you would
like to add them to your public key ring. Since adding keys does not
imply that you trust them, adding more just takes up space. If this
option is set, PGP asks about each key in a key file.
VERBOSE - Level of Detail Printed
Default setting: VERBOSE = 1
When set to 0, PGP only prints messages that are necessary or indicate an
error. When set to 2, PGP prints a significant amount of debugging
information describing what it's doing. Values above 2 have no effect.
PUBRING - Public Key Ring Location
Default setting: PUBRING = $PGPPATH/pubring.pgp
This is the path name to the public key ring to use.
SECRING - Secret Key Ring Location
Default setting: SECRING = $PGPPATH/secring.pgp
This is the path name to the secret key ring to use.
BAKRING - Backup Secret Key Ring
Default setting: BAKRING = ""
If this is set, when checking your key ring (pgp -kc), PGP will
compare the normal secret key ring against the given backup
copy, usually kept on write-protected removable media. This
is to protect against wholesale modifications to your key rings
in a spoofing attack.
RANDSEED - Random Number Seed File
Default setting: RANDSEED = $PGPPATH/randseed.bin
This is the path to a random seed file which is part of PGP's
random number generation algorithm, used to generate session keys.
While PGP goes to great lengths to use every available source of
randomness in generating session keys, this file is part of the
process and protecting it from disclosure is desirable.
COMMENT - ASCII Armor Comment
Default setting: COMMENT = ""
If set to a non-empty string, the value of this variable is
printed in the header of ASCII armor files, preceded by "Comment: ".
LEGAL_KLUDGE - Incompatibility with PGP versions prior to 2.6
Default setting: LEGAL_KLUDGE = on
If set, PGP will generate keys and messages in a new format that
cannot be read by PGP 2.5 and earlier versions.
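
The syntax rules at the top of this page (comment lines, case-insensitive keywords, unique-prefix abbreviation, implied "=on", and the +keyword=value command-line form), as an added example that is not PGP's own code. The option names and types are taken from this page; the function names, the stripping of surrounding double quotes, and the rule that an exact keyword match beats a longer keyword with the same prefix are assumptions.

```python
# Added example, not PGP's own code; option names and types come from this page.
BOOLEAN = {"TEXTMODE", "ARMOR", "CLEARSIG", "ENCRYPTTOSELF", "KEEPBINARY",
           "COMPRESS", "SHOWPASS", "INTERACTIVE", "LEGAL_KLUDGE"}
NUMERIC = {"ARMORLINES", "VERBOSE"}
STRING = {"MYNAME", "LANGUAGE", "CHARSET", "TMP", "PAGER", "PUBRING",
          "SECRING", "BAKRING", "RANDSEED", "COMMENT"}
KEYWORDS = BOOLEAN | NUMERIC | STRING


def resolve(keyword):
    """Map a case-insensitive, possibly abbreviated keyword to its full name."""
    key = keyword.strip().upper()
    if key in KEYWORDS:  # assumed: exact match wins (ARMOR vs ARMORLINES)
        return key
    hits = sorted(k for k in KEYWORDS if key and k.startswith(key))
    if len(hits) != 1:
        raise ValueError(f"{keyword!r}: {'ambiguous' if hits else 'unknown'} {hits}")
    return hits[0]


def parse_setting(text):
    """Parse 'KEY = value' (config.txt) or '+key=value' (command line)."""
    name, sep, value = text.strip().lstrip("+").partition("=")
    key, value = resolve(name), value.strip()
    if key in BOOLEAN:
        if not sep:
            return key, True  # "=on" is assumed when nothing is specified
        if value.lower() not in ("on", "off"):
            raise ValueError(f"{key}: expected on or off, got {value!r}")
        return key, value.lower() == "on"
    if key in NUMERIC:
        return key, int(value)
    return key, value.strip('"')  # assumed: drop surrounding double quotes


def parse_config(text):
    """Return {keyword: value}, skipping blank lines and '#' comment lines."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            key, value = parse_setting(line)
            settings[key] = value
    return settings


# Constructed sample config.txt, using abbreviations and an implied "=on".
SAMPLE = '# my settings\nMyName = "Alice Example"\narmor\nArmorl = 0\nshowp = off\n'
if __name__ == "__main__":
    print(parse_config(SAMPLE))
```

An abbreviation such as "com" is rejected because it matches both COMPRESS and COMMENT; rejecting it is safer than guessing which setting the user meant.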