1PACMAN-KEY(8)                    Pacman Manual                   PACMAN-KEY(8)
2
3
4

NAME

6       pacman-key - manage pacman's list of trusted keys
7

SYNOPSIS

9       pacman-key [options] operation [targets]
10

DESCRIPTION

12       pacman-key is a wrapper script for GnuPG used to manage pacman’s
13       keyring, which is the collection of PGP keys used to check signed
14       packages and databases. It provides the ability to import and export
15       keys, fetch keys from keyservers and update the key trust database.
16
17       More complex keyring management can be achieved using GnuPG directly
18       combined with the --homedir option pointing at the pacman keyring
19       (located in /etc/pacman.d/gnupg by default).
20
21       Invoking pacman-key consists of supplying an operation with any
22       potential options and targets to operate on. Depending on the
23       operation, a target may be a valid key identifier, filename, or
24       directory.
25

OPERATIONS

27       -a, --add
28           Add the key(s) contained in the specified file or files to pacman’s
29           keyring. If a key already exists, update it.
30
31       -d, --delete
32           Remove the key(s) identified by the specified keyid(s) from
33           pacman’s keyring.
34
35       -e, --export
36           Export key(s) identified by the specified keyid(s) to stdout. If no
37           keyid is specified, all keys will be exported.
38
39       --edit-key
40           Present a menu for key management task on the specified keyid(s).
41           Useful for adjusting a keys trust level.
42
43       -f, --finger
44           List a fingerprint for each specified keyid, or for all known keys
45           if no keyids are specified.
46
47       -h, --help
48           Output syntax and command line options.
49
50       --import
51           Imports keys from pubring.gpg into the public keyring from the
52           specified directories.
53
54       --import-trustdb
55           Imports ownertrust values from trustdb.gpg into the shared trust
56           database from the specified directories.
57
58       --init
59           Ensure the keyring is properly initialized and has the required
60           access permissions.
61
62       -l, --list-keys
63           Lists all or specified keys from the public keyring.
64
65       --list-sigs
66           Same as --list-keys, but the signatures are listed too.
67
68       --lsign-key
69           Locally sign the given key. This is primarily used to root the web
70           of trust in the local private key generated by --init.
71
72       --nocolor
73           Disable colored output from pacman-key.
74
75       -r, --recv-keys
76           Equivalent to --recv-keys in GnuPG.
77
78       --refresh-keys
79           Equivalent to --refresh-keys in GnuPG.
80
81       --populate
82           Reload the default keys from the (optionally provided) keyrings in
83           /usr/share/pacman/keyrings. For more information, see Providing a
84           Keyring for Import below.
85
86       -u, --updatedb
87           Equivalent to --check-trustdb in GnuPG. This operation can be
88           specified with other operations.
89
90       -V, --version
91           Displays the program version.
92
93       -v, --verify
94           Verify the file(s) specified by the signature(s).
95

OPTIONS

97       --config <file>
98           Use an alternate configuration file instead of the /etc/pacman.conf
99           default.
100
101       --gpgdir <dir>
102           Set an alternate home directory for GnuPG. If unspecified, the
103           value is read from /etc/pacman.conf.
104
105       --keyserver <keyserver>
106           Use the specified keyserver if the operation requires one. This
107           will take precedence over any keyserver option specified in a
108           gpg.conf configuration file. Running --init with this option will
109           set the default keyserver if one was not already configured.
110

PROVIDING A KEYRING FOR IMPORT

112       A distribution or other repository provided may want to provide a set
113       of PGP keys used in the signing of its packages and repository
114       databases that can be readily imported into the pacman keyring. This is
115       achieved by providing a PGP keyring file foo.gpg that contains the keys
116       for the foo keyring in the directory /usr/share/pacman/keyrings.
117
118       Optionally, the file foo-trusted can be provided containing a list of
119       trusted key IDs for that keyring. This is a file in a format compatible
120       with gpg --export-ownertrust output. This file will inform the user
121       which keys a user needs to verify and sign to build a local web of
122       trust, in addition to assigning provided owner trust values.
123
124       Also optionally, the file foo-revoked can be provided containing a list
125       of revoked key IDs for that keyring. Revoked is defined as "no longer
126       valid for any signing", so should be used with prudence. A key being
127       marked as revoked will be disabled in the keyring and no longer treated
128       as valid, so this always takes priority over it’s trusted state in any
129       other keyring.
130

SEE ALSO

132       pacman(8), pacman.conf(5)
133
134       See the pacman website at https://www.archlinux.org/pacman/ for current
135       information on pacman and its related tools.
136

BUGS

138       Bugs? You must be kidding; there are no bugs in this software. But if
139       we happen to be wrong, send us an email with as much detail as possible
140       to pacman-dev@archlinux.org.
141

AUTHORS

143       Current maintainers:
144
145       ·   Allan McRae <allan@archlinux.org>
146
147       ·   Andrew Gregory <andrew.gregory.8@gmail.com>
148
149       ·   Dan McGee <dan@archlinux.org>
150
151       ·   Dave Reisner <dreisner@archlinux.org>
152
153       Past major contributors:
154
155       ·   Judd Vinet <jvinet@zeroflux.org>
156
157       ·   Aurelien Foret <aurelien@archlinux.org>
158
159       ·   Aaron Griffin <aaron@archlinux.org>
160
161       ·   Xavier Chantry <shiningxc@gmail.com>
162
163       ·   Nagy Gabor <ngaba@bibl.u-szeged.hu>
164
165       For additional contributors, use git shortlog -s on the pacman.git
166       repository.
167
168
169
170Pacman 5.0.2                      2019-07-26                     PACMAN-KEY(8)
Impressum