.\" Generated by scdoc 1.11.4 .\" Complete documentation for this program is not available as a GNU info page .ie \n(.g .ds Aq \(aq .el .ds Aq ' .nh .ad l .\" Begin generated content: .TH "RPMKEYS" "8" "2026-01-08" "RPM 6.0.1" .PP .SH NAME .PP rpmkeys - RPM Keyring .PP .SH SYNOPSIS .PP \fBrpmkeys\fR {\fB-K\fR|\fB--checksig\fR} [options] \fIPACKAGE_FILE\fR .\&.\&.\& .PP \fBrpmkeys\fR {\fB-d\fR|\fB--delete\fR|\fB-e\fR|\fB--erase\fR} [options] \fIFINGERPRINT\fR .\&.\&.\& .PP \fBrpmkeys\fR {\fB-x\fR|\fB--export\fR} [options] [\fIFINGERPRINT\fR .\&.\&.\&] .PP \fBrpmkeys\fR {\fB-i\fR|\fB--import\fR} [options] \fIPUBKEY\fR .\&.\&.\& .PP \fBrpmkeys\fR {\fB-l\fR|\fB--list\fR} [options] [\fIFINGERPRINT\fR .\&.\&.\&] .PP \fBrpmkeys\fR \fB--rebuild\fR [options] [rebuild-options] .PP .SH DESCRIPTION .PP \fBrpmkeys\fR is used for manipulating the \fBrpm\fR keyring and verifying package digital signatures with the contained keys.\& .PP For all available operations, see \fBOPERATIONS\fR.\& .PP .SH OPERATIONS .PP \fB-K\fR, \fB--checksig\fR .RS 4 Verify the digests and signatures contained in \fIPACKAGE_FILE\fR to ensure the integrity and origin of the package.\& .PP .RE \fB-d\fR, \fB--delete\fR, \fB-e\fR, \fB--erase\fR .RS 4 Erase the key(s) designated by \fIFINGERPRINT\fR.\& The \fB--delete\fR and \fB-d\fR options are deprecated.\& .PP .RE \fB-x\fR, \fB--export\fR .RS 4 Output the key(s) designated by \fIFINGERPRINT\fR using an ASCII-armor encoding.\& If \fIFINGERPRINT\fR is not specified, output all keys.\& .PP .RE \fB--import\fR .RS 4 Import ASCII-armored public keys.\& Digital signatures cannot be verified without the corresponding public key (aka certificate).\& .PP .RE \fB-l\fR, \fB--list\fR .RS 4 List currently imported public key(s) (aka certificates) by their fingerprint and user ID.\& If no fingerprints are specified, list all keys.\& .PP .RE \fB--rebuild\fR .RS 4 Recreate the public key storage.\& Update to the latest format and drop unreadable keys.\& .PP .RE .SH ARGUMENTS .PP \fIFINGERPRINT\fR .RS 4 The handle used for all operations on the keys.\& .RE \fIPACKAGE_FILE\fR .RS 4 An \fBrpm\fR package file or a manifest.\& .RE \fIPUBKEY\fR .RS 4 An ASCII-armored OpenPGP public key (aka certificate).\& .PP .RE .SH OPTIONS .PP See \fBrpm-common\fR(8) for the options common to all \fBrpm\fR executables.\& .PP .SH REBUILD OPTIONS .PP \fB--from\fR <\fBfs\fR|\fBopenpgp\fR|\fBrpmdb\fR> .RS 4 Use the keys from the specified backend to rebuild the currently configured keystore backend.\& This can be used to convert from one key storage to another.\& .PP .RE .SH OUTPUT \fB--checksig\fR .nf .RS 4 <_PACKAGE_FILE_>: .fi .RE .PP .RS 4 With \fB--verbose\fR: .RE .nf .RS 4 <_PACKAGE_FILE_>: : \&.\&.\&. .fi .RE .PP \fB--list\fR .nf .RS 4 public key .fi .RE .PP .SH CONFIGURATION .PP There are several configurables affecting the behavior of this verification, see \fBrpm-config\fR(5) for details: .PD 0 .IP \(bu 4 \fB%_keyring\fR .IP \(bu 4 \fB%_keyringpath\fR .IP \(bu 4 \fB%_pkgverify_flags\fR .IP \(bu 4 \fB%_pkgverify_level\fR .PD .PP .SH EXIT STATUS On success, 0 is returned, a nonzero failure code otherwise.\& .PP .SH EXAMPLES .PP \fBrpmkeys --export 771b18d3d7baa28734333c424344591e1964c5fc | sq inspect\fR .RS 4 Export key 771b18d3d7baa28734333c424344591e1964c5fc for inspecting with sequoia-sq.\& .PP .RE \fBrpmkeys --erase 771b18d3d7baa28734333c424344591e1964c5fc\fR .RS 4 Erase key 771b18d3d7baa28734333c424344591e1964c5fc from the keyring.\& .PP .RE \fBrpmkeys -K hello-2.\&0-1.\&x86_64.\&rpm\fR .RS 4 Verify hello-2.\&0-1.\&x86_64.\&rpm package file.\& .PP .RE .SH SEE ALSO \fBpopt\fR(3), \fBrpm\fR(8), \fBrpm-common\fR(8), \fBrpm-config\fR(5), \fBrpmsign\fR(1) .PP \fBrpmkeys --help\fR - as \fBrpm\fR(8) supports customizing the options via popt aliases it'\&s impossible to guarantee that what'\&s described in the manual matches what'\&s available.\& .PP \fBhttp://www.\&rpm.\&org/\fR