#This controls dirmngr and gpgsm, both of which are certificate managers connected to GnuPG-2.
#One may accidentally or purposefully connect to keyservers and leak data, so it is necessary to clean the connection as much as possible.
#Check for reasons behind errors via --debug-all --debug-level guru.

#Security precautions to neutralize protocols that can leak information.
disable-ldap
ignore-ldap-dp
disable-crl-checks
disable-policy-checks
disable-trusted-cert-crl-check
#disable-http
#ignore-http-dp

#Proxy settings. Try to stay behind a system with blanket internet traffic Onion Routing.
honor-http-proxy
#http-proxy host[:port]
#ldap-proxy host[:port]
#
#To manually use a keyserver with an Onion Routing SOCKS5 Proxy on Port 9050. Change the port number if needed. Blanket Onion Routing of the whole OS is better.
#The use of this option overrides the environment variable http_proxy regardless whether --honor-http-proxy has been set.
#http-proxy=socks5h://127.0.0.1:9050

#Runtime preferences.
verbose
verbose
verbose
verbose
verbose
verbose
verbose
verbose
verbose
verbose

#Note about OSCP (Online Certificate Status Protocol) from inside the GnuPG manual.
#--allow-ocsp
#This option enables OCSP support if requested by the client.
#OCSP requests are rejected by default because they may violate the privacy of the user; for example it is possible to track the time when a user is reading a mail.
disable-ocsp

#Manually give --faked-system-time 20070924T154812 to GnuPG if it allows. Remove the comment-hastag below to set a constant faked-system-time but keep changing it to evade identification.
#This option is generally not necessary for use with GPGSM.
#faked-system-time 20070924T154812