--- /dev/null
+;;; -*-conf-*-
+;;;
+;;; Default configuration for GnuPG keys
+;;;
+;;; (c) 2012 Mark Wooding
+;;;
+
+;;;----- Licensing notice ---------------------------------------------------
+;;;
+;;; This file is part of the distorted.org.uk key management suite.
+;;;
+;;; distorted-keys is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 2 of the License, or
+;;; (at your option) any later version.
+;;;
+;;; distorted-keys is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with distorted-keys; if not, write to the Free Software Foundation,
+;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+;;;--------------------------------------------------------------------------
+;;; GnuPG configuration.
+;;;
+;;; Properties defined by the key-type are as follows. All of them are
+;;; optional.
+;;;
+;;; main-type Type of the main key. This must be an asymmetric
+;;; integrity key type, e.g., `RSA', `DSA'. The default
+;;; is `RSA'.
+;;;
+;;; main-length The size of the main key, in bits. For DSA, this is
+;;; the larger field size. The default is 3072; you
+;;; should set it explicitly if you override the main
+;;; type.
+;;;
+;;; sub-type Type of the encryption subkey. This must be an
+;;; asymmetric secrecy key type, e.g., `RSA', `ELG-E'.
+;;; The default is `ELG-E'.
+;;;
+;;; sub-length The size of the subkey, as for `main-length'. The
+;;; default is 3072.
+;;;
+;;; cipher-prefs A space-separated list of symmetric encryption
+;;; algorithms, in order of decreasing preference. The
+;;; default list is `AES256 AES TWOFISH 3DES BLOWFISH
+;;; CAST5', but this may well change later.
+;;;
+;;; digest-prefs A space-separated list of message-digest (hash)
+;;; algorithms, in order of decreasing preference. The
+;;; default list is `SHA256 SHA1 RIPEMD160', but this may
+;;; well change later.
+;;;
+;;; compress-prefs A space-separated list of compression algorithms, in
+;;; order of decreasing preference. The default list is
+;;; `ZLIB ZIP'.
+;;;
+;;; s2k-cipher The symmetric encryption scheme to use for encrypting
+;;; private keys. The default is the first algorithm
+;;; listed in `cipher-prefs'.
+;;;
+;;; s2k-digest The message-digest (hash) algorithm to use for
+;;; deriving symmetric keys from passphrases. The
+;;; default is the first algorithm listed in
+;;; `digest-prefs'.
+;;;
+;;; realname These are used to construct the GnuPG key name as
+;;; comment `$realname ($comment) <$email>'. If `comment' is
+;;; email missing or `nil' then the comment field and its
+;;; surrounding parentheses are omitted. A %{PARAM}
+;;; placeholder in these properties is replaced by the
+;;; values of the named key-generation parameter PARAM,
+;;; and an error is reported if no such parameter is
+;;; provided; a %{PARAM-DEFAULT} placeholder is replaced
+;;; by the value of the parameter PARAM, or the string
+;;; DEFAULT if no such parameter is provided.
+
+[%gnupg]
+type = gnupg
+
+;; Main (integrity) key.
+main-type = RSA
+main-length = 3072
+
+;; Subsidiary (secrecy) key.
+sub-type = ELG-E
+sub-length = 3072
+
+;; Preferences for algorithms and compression.
+cipher-prefs = AES256 AES TWOFISH 3DES BLOWFISH CAST5
+digest-prefs = SHA256 SHA1 RIPEMD160
+compress-prefs = ZLIB ZIP
+
+;; Identification (delegate to options).
+realname = %{realname}
+comment = %{comment-nil}
+email = %{email}
+
+[gnupg]
+@include = %gnupg %asymmetric
+
+[%gnupg-infra]
+@include = %gnupg
+realname = $@name $%description
+email = %$%email-prefix$%tag@$%domain
+
+;;;----- That's all, folks --------------------------------------------------
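Review bot: The default `digest-prefs` in the `[%gnupg]` template ranks SHA1 second and offers nothing stronger than SHA256, so every key generated from these defaults advertises SHA-1 ahead of RIPEMD160 and never asks for SHA384 or SHA512. Assuming the names are handed to GnuPG unchanged, I would write `digest-prefs = SHA256 SHA384 SHA512 RIPEMD160 SHA1`; keeping SHA256 first leaves the documented `s2k-digest` default (the first entry of `digest-prefs`) as it is. The header comment that quotes the default digest list needs the same edit. On `cipher-prefs`, the three trailing entries are 64-bit block ciphers, and a comment above the line such as `;; 3DES, BLOWFISH and CAST5 have 64-bit blocks; kept last for interoperability only.` would stop a later edit from promoting them.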