'\" t .\" Title: pacman-key .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 2024-09-09 .\" Manual: Pacman Manual .\" Source: Pacman 7.0.0 .\" Language: English .\" .TH "PACMAN\-KEY" "8" "2024\-09\-09" "Pacman 7\&.0\&.0" "Pacman Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pacman-key \- manage pacman\*(Aqs list of trusted keys .SH "SYNOPSIS" .sp \fIpacman\-key\fR [options] operation [targets] .SH "DESCRIPTION" .sp \fIpacman\-key\fR is a wrapper script for GnuPG used to manage pacman\(cqs keyring, which is the collection of PGP keys used to check signed packages and databases\&. It provides the ability to import and export keys, fetch keys from keyservers and update the key trust database\&. .sp More complex keyring management can be achieved using GnuPG directly combined with the \fI\-\-homedir\fR option pointing at the pacman keyring (located in /etc/pacman\&.d/gnupg by default)\&. .sp Invoking pacman\-key consists of supplying an operation with any potential options and targets to operate on\&. Depending on the operation, a \fItarget\fR may be a valid key identifier, filename, or directory\&. .SH "OPERATIONS" .PP \fB\-a, \-\-add\fR .RS 4 Add the key(s) contained in the specified file or files to pacman\(cqs keyring\&. If a key already exists, update it\&. .RE .PP \fB\-d, \-\-delete\fR .RS 4 Remove the key(s) identified by the specified keyid(s) from pacman\(cqs keyring\&. .RE .PP \fB\-e, \-\-export\fR .RS 4 Export key(s) identified by the specified keyid(s) to \fIstdout\fR\&. If no keyid is specified, all keys will be exported\&. .RE .PP \fB\-\-edit\-key\fR .RS 4 Present a menu for key management task on the specified keyid(s)\&. Useful for adjusting a keys trust level\&. .RE .PP \fB\-f, \-\-finger\fR .RS 4 List a fingerprint for each specified keyid, or for all known keys if no keyids are specified\&. .RE .PP \fB\-h, \-\-help\fR .RS 4 Output syntax and command line options\&. .RE .PP \fB\-\-import\fR .RS 4 Imports keys from pubring\&.gpg into the public keyring from the specified directories\&. .RE .PP \fB\-\-import\-trustdb\fR .RS 4 Imports ownertrust values from trustdb\&.gpg into the shared trust database from the specified directories\&. .RE .PP \fB\-\-init\fR .RS 4 Ensure the keyring is properly initialized and has the required access permissions\&. .RE .PP \fB\-l, \-\-list\-keys\fR .RS 4 Lists all or specified keys from the public keyring\&. .RE .PP \fB\-\-list\-sigs\fR .RS 4 Same as \fI\-\-list\-keys\fR, but the signatures are listed too\&. .RE .PP \fB\-\-lsign\-key\fR .RS 4 Locally sign the given key\&. This is primarily used to root the web of trust in the local private key generated by \fI\-\-init\fR\&. .RE .PP \fB\-\-nocolor\fR .RS 4 Disable colored output from pacman\-key\&. .RE .PP \fB\-r, \-\-recv\-keys\fR .RS 4 Equivalent to \fI\-\-recv\-keys\fR in GnuPG\&. .RE .PP \fB\-\-refresh\-keys\fR .RS 4 Equivalent to \fI\-\-refresh\-keys\fR in GnuPG\&. .RE .PP \fB\-\-populate\fR .RS 4 Reload the default keys from the (optionally provided) keyrings in /usr/share/pacman/keyrings\&. For more information, see Providing a Keyring for Import below\&. .RE .PP \fB\-u, \-\-updatedb\fR .RS 4 Equivalent to \fI\-\-check\-trustdb\fR in GnuPG\&. This operation can be specified with other operations\&. .RE .PP \fB\-V, \-\-version\fR .RS 4 Displays the program version\&. .RE .PP \fB\-v, \-\-verify\fR .RS 4 Assume that the first argument is a signature and verify it\&. If a second argument is provided, it is the file to be verified\&. .sp With only one argument given, assume that the signature is a detached signature, and look for a matching data file to verify by stripping the file extension\&. If no matching data file is found, fall back on GnuPG semantics and attempt to verify a file with an embedded signature\&. .RE .SH "OPTIONS" .PP \fB\-\-config\fR .RS 4 Use an alternate configuration file instead of the /etc/pacman\&.conf default\&. .RE .PP \fB\-\-gpgdir\fR .RS 4 Set an alternate home directory for GnuPG\&. If unspecified, the value is read from /etc/pacman\&.conf\&. .RE .PP \fB\-\-keyserver\fR .RS 4 Use the specified keyserver if the operation requires one\&. This will take precedence over any keyserver option specified in a gpg\&.conf configuration file\&. Running \fI\-\-init\fR with this option will set the default keyserver if one was not already configured\&. .RE .SH "PROVIDING A KEYRING FOR IMPORT" .sp A distribution or other repository provided may want to provide a set of PGP keys used in the signing of its packages and repository databases that can be readily imported into the pacman keyring\&. This is achieved by providing a PGP keyring file foo\&.gpg that contains the keys for the foo keyring in the directory /usr/share/pacman/keyrings\&. .sp Optionally, the file foo\-trusted can be provided containing a list of trusted key IDs for that keyring\&. This is a file in a format compatible with \fIgpg \-\-export\-ownertrust\fR output\&. This file will inform the user which keys a user needs to verify and sign to build a local web of trust, in addition to assigning provided owner trust values\&. .sp Also optionally, the file foo\-revoked can be provided containing a list of revoked key IDs for that keyring\&. Revoked is defined as "no longer valid for any signing", so should be used with prudence\&. A key being marked as revoked will be disabled in the keyring and no longer treated as valid, so this always takes priority over it\(cqs trusted state in any other keyring\&. .SH "SEE ALSO" .sp \fBpacman\fR(8), \fBpacman.conf\fR(5) .sp See the pacman website at https://archlinux\&.org/pacman/ for current information on pacman and its related tools\&. .SH "BUGS" .sp Bugs? You must be kidding; there are no bugs in this software\&. But if we happen to be wrong, please report them to the issue tracker at https://gitlab\&.archlinux\&.org/pacman/pacman/\-/issues with specific information such as your command\-line, the nature of the bug, and even the package database if it helps\&. .SH "AUTHORS" .sp Current maintainers: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Allan McRae .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Andrew Gregory .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Morgan Adamiec .RE .sp Past major contributors: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Judd Vinet .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Aurelien Foret .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Aaron Griffin .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Dan McGee .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Xavier Chantry .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Nagy Gabor .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Dave Reisner .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Eli Schwartz .RE .sp For additional contributors, use git shortlog \-s on the pacman\&.git repository\&.