My GnuPG Configuration

Since there is a comment for nearly every option I've set, I won't go into much detail here. The GnuPG documentation and the manpage will provide more about information.

The configuration for GnuPG is spread across three files. One for each component.

gpg.conf

#
# This is an implementation of the Riseup OpenPGP Best Practices
# https://help.riseup.net/en/security/message-security/openpgp/best-practices
#

#-----------------------------
# Default key
#-----------------------------

# The default key to sign with. If this option is not used, the default key is
# the first key found in the secret keyring.
default-key <FINGERPRINT>

#-----------------------------
# Behavior
#-----------------------------

# Disable inclusion of the version string in ASCII armored output.
no-emit-version

# Disable comment string in clear text signatures and ASCII armored messages.
no-comments

# Display long key IDs.
keyid-format 0xlong

# List all keys (or the specified ones) along with their fingerprints.
with-fingerprint

# Display the calculated validity of user IDs during key listings.
list-options show-uid-validity
verify-options show-uid-validity

# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to
# the agent before it asks for a passphrase.
use-agent

# Use UTF-8 character encoding.
display-charset utf-8
utf8-strings

#-----------------------------
# Keyserver
#-----------------------------

# This is the server that --recv-keys, --send-keys, and --search-keys will
# communicate with to receive keys from, send keys to, and search for keys on.
keyserver hkps://keys.openpgp.org

# When using --refresh-keys, if the key in question has a preferred keyserver
# URL, then disable use of that preferred keyserver to refresh the key from.
keyserver-options no-honor-keyserver-url

# When searching for a key with --search-keys, include keys that are marked on
# the keyserver as revoked.
keyserver-options include-revoked

#-----------------------------
# Algorithm and ciphers
#-----------------------------

# List of personal digest preferences. When multiple digests are supported by
# all recipients, choose the strongest one.
personal-cipher-preferences AES256 AES192 AES CAST5

# List of personal digest preferences. When multiple ciphers are supported by
# all recipients, choose the strongest one.
personal-digest-preferences SHA512 SHA384 SHA256 SHA224

# Message digest algorithm used when signing a key.
cert-digest-algo SHA512

# The cipher algorithm for symmetric encryption with a passphrase.
s2k-cipher-algo AES256

# The digest algorithm used to mangle the passphrases for symmetric encryption.
s2k-digest-algo SHA512

# Treat the specified digest algorithm as weak. Signatures made over weak
# digests algorithms are normally rejected.
weak-digest SHA1

# Never allow the use as cipher algorithm.
disable-cipher-algo 3DES

# This preference list is used for new keys and becomes the default for
# "setpref" in the edit menu.
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

gpg-agent.conf

# Program used for entering the PIN.
pinentry-program /usr/local/bin/pinentry-mac

# Enable OpenSSH Agent (ssh-agent) protocol support.
enable-ssh-support

# Set number of seconds for which cache entries are valid.
default-cache-ttl 300
default-cache-ttl-ssh 300
max-cache-ttl 900
max-cache-ttl-ssh 900

dirmngr.conf

keyserver hkps://keys.openpgp.org