4.3 Configuration files
There are a few configuration files to control certain aspects of
gpg2's operation. Unless noted, they are expected in the
current home directory (see option --homedir).
- This is the standard configuration file read by gpg2 on
startup. It may contain any valid long option; the leading two dashes
may not be entered and the option may not be abbreviated. This default
name may be changed on the command line (see gpg-option --options).
You should back up this file.
Note that on larger installations, it is useful to put predefined files
into the directory /usr/local/etc/skel/.gnupg so that
newly created users start up with a working configuration.
For existing users a small
helper script is provided to create these files (see addgnupghome).
For internal purposes gpg2 creates and maintains a few other
files; they all live in the current home directory (see option --homedir). Only the gpg2 program may modify these files.
- The public keyring. You should back up this file.
- The lock file for the public keyring.
- The public keyring using a different format. This file is shared
with gpgsm. You should back up this file.
- The lock file for pubring.kbx.
- A secret keyring as used by GnuPG versions before 2.1. It is not
used by GnuPG 2.1 and later.
- File indicating that a migration to GnuPG 2.1 has been done.
- The trust database. There is no need to back up this file; it is better
to back up the ownertrust values (see option --export-ownertrust).
- The lock file for the trust database.
- A file used to preserve the state of the internal random pool.
- The lock file for the secret keyring.
- This is the directory where gpg stores pre-generated revocation
certificates. The file name corresponds to the OpenPGP fingerprint of
the respective key. It is suggested to back up those certificates and,
if the primary private key is not stored on the disk, to move them to
an external storage device. Anyone who can access these files is
able to revoke the corresponding key. You may want to print them out.
You should back up all files in this directory and take care to keep
this backup locked away.
- The skeleton options file.
- Default location for extensions.
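Because anyone who can read the revocation certificates can revoke the key, and only gpg2 should modify the internal files, it is worth checking who can reach the home directory. The following shell function is an added example, not part of the GnuPG manual or its tools; the name `audit_gnupg_home` and its output format are assumptions, and the directory defaults to ~/.gnupg.

```shell
#!/bin/sh
# Added example: report entries under a GnuPG home directory that are
# reachable by anyone other than the owner. The function name and the
# "LOOSE"/"OWNER" output labels are assumptions made for illustration.

# audit_gnupg_home [DIR]
#   Prints "LOOSE <path>" for every entry with a group/other permission bit
#   and "OWNER <path>" for every entry owned by a different user.
#   Returns 0 when nothing is found, 1 on findings, 2 if DIR is missing.
audit_gnupg_home() {
    dir=${1:-"$HOME/.gnupg"}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    uid=$(id -u)
    findings=$(
        # "-perm -NNN" is the POSIX form: true when all listed bits are set.
        # Symlinks are skipped because their own mode bits carry no meaning.
        find "$dir" ! -type l \( \
                -perm -040 -o -perm -020 -o -perm -010 \
             -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/LOOSE /'
        # Entries owned by someone else can be replaced behind gpg's back.
        find "$dir" ! -user "$uid" -print | sed 's/^/OWNER /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Run it against the live home directory and against every backup copy of it; a clean result prints nothing and returns 0.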
Operation is further controlled by a few environment variables:
- Used to locate the default home directory.
- If set, the directory used instead of "~/.gnupg".
- This variable was used by GnuPG versions before 2.1.
- This value is passed via gpg-agent to pinentry. It is useful to convey
extra information to a custom pinentry.
- Used to size some displays to the full size of the screen.
- Apart from its use by GNU, it is used in the W32 version to override the
language selection done through the Registry. If used and set to a
valid and available language name (langid), the file with the
translation is loaded from
.mo. Here gpgdir is the
directory out of which the gpg binary has been loaded. If it can't be
loaded, the Registry is tried and, as a last resort, the native Windows
locale system is used.