1PACMAN-KEY(8)                    Pacman Manual                   PACMAN-KEY(8)
2
3
4

NAME

6       pacman-key - manage pacman's list of trusted keys
7

SYNOPSIS

9       pacman-key [options] operation [targets]
10

DESCRIPTION

12       pacman-key is a wrapper script for GnuPG used to manage pacman’s
13       keyring, which is the collection of PGP keys used to check signed
14       packages and databases. It provides the ability to import and export
15       keys, fetch keys from keyservers and update the key trust database.
16
17       More complex keyring management can be achieved using GnuPG directly
18       combined with the --homedir option pointing at the pacman keyring
19       (located in /etc/pacman.d/gnupg by default).
20
21       Invoking pacman-key consists of supplying an operation with any
22       potential options and targets to operate on. Depending on the
23       operation, a target may be a valid key identifier, filename, or
24       directory.
25

OPERATIONS

27       -a, --add
28           Add the key(s) contained in the specified file or files to pacman’s
29           keyring. If a key already exists, update it.
30
31       -d, --delete
32           Remove the key(s) identified by the specified keyid(s) from
33           pacman’s keyring.
34
35       -e, --export
36           Export key(s) identified by the specified keyid(s) to stdout. If no
37           keyid is specified, all keys will be exported.
38
39       --edit-key
40           Present a menu for key management task on the specified keyid(s).
41           Useful for adjusting a keys trust level.
42
43       -f, --finger
44           List a fingerprint for each specified keyid, or for all known keys
45           if no keyids are specified.
46
47       -h, --help
48           Output syntax and command line options.
49
50       --import
51           Imports keys from pubring.gpg into the public keyring from the
52           specified directories.
53
54       --import-trustdb
55           Imports ownertrust values from trustdb.gpg into the shared trust
56           database from the specified directories.
57
58       --init
59           Ensure the keyring is properly initialized and has the required
60           access permissions.
61
62       -l, --list-keys
63           Lists all or specified keys from the public keyring.
64
65       --list-sigs
66           Same as --list-keys, but the signatures are listed too.
67
68       --lsign-key
69           Locally sign the given key. This is primarily used to root the web
70           of trust in the local private key generated by --init.
71
72       --nocolor
73           Disable colored output from pacman-key.
74
75       -r, --recv-keys
76           Equivalent to --recv-keys in GnuPG.
77
78       --refresh-keys
79           Equivalent to --refresh-keys in GnuPG.
80
81       --populate
82           Reload the default keys from the (optionally provided) keyrings in
83           /usr/share/pacman/keyrings. For more information, see Providing a
84           Keyring for Import below.
85
86       -u, --updatedb
87           Equivalent to --check-trustdb in GnuPG. This operation can be
88           specified with other operations.
89
90       -V, --version
91           Displays the program version.
92
93       -v, --verify
94           Assume that the first argument is a signature and verify it. If a
95           second argument is provided, it is the file to be verified.
96
97           With only one argument given, assume that the signature is a
98           detached signature, and look for a matching data file to verify by
99           stripping the file extension. If no matching data file is found,
100           fall back on GnuPG semantics and attempt to verify a file with an
101           embedded signature.
102

OPTIONS

104       --config <file>
105           Use an alternate configuration file instead of the /etc/pacman.conf
106           default.
107
108       --gpgdir <dir>
109           Set an alternate home directory for GnuPG. If unspecified, the
110           value is read from /etc/pacman.conf.
111
112       --keyserver <keyserver>
113           Use the specified keyserver if the operation requires one. This
114           will take precedence over any keyserver option specified in a
115           gpg.conf configuration file. Running --init with this option will
116           set the default keyserver if one was not already configured.
117

PROVIDING A KEYRING FOR IMPORT

119       A distribution or other repository provided may want to provide a set
120       of PGP keys used in the signing of its packages and repository
121       databases that can be readily imported into the pacman keyring. This is
122       achieved by providing a PGP keyring file foo.gpg that contains the keys
123       for the foo keyring in the directory /usr/share/pacman/keyrings.
124
125       Optionally, the file foo-trusted can be provided containing a list of
126       trusted key IDs for that keyring. This is a file in a format compatible
127       with gpg --export-ownertrust output. This file will inform the user
128       which keys a user needs to verify and sign to build a local web of
129       trust, in addition to assigning provided owner trust values.
130
131       Also optionally, the file foo-revoked can be provided containing a list
132       of revoked key IDs for that keyring. Revoked is defined as "no longer
133       valid for any signing", so should be used with prudence. A key being
134       marked as revoked will be disabled in the keyring and no longer treated
135       as valid, so this always takes priority over it’s trusted state in any
136       other keyring.
137

SEE ALSO

139       pacman(8), pacman.conf(5)
140
141       See the pacman website at https://archlinux.org/pacman/ for current
142       information on pacman and its related tools.
143

BUGS

145       Bugs? You must be kidding; there are no bugs in this software. But if
146       we happen to be wrong, submit a bug report with as much detail as
147       possible at the Arch Linux Bug Tracker in the Pacman section.
148

AUTHORS

150       Current maintainers:
151
152       •   Allan McRae <allan@archlinux.org>
153
154       •   Andrew Gregory <andrew.gregory.8@gmail.com>
155
156       •   Eli Schwartz <eschwartz@archlinux.org>
157
158       •   Morgan Adamiec <morganamilo@archlinux.org>
159
160       Past major contributors:
161
162       •   Judd Vinet <jvinet@zeroflux.org>
163
164       •   Aurelien Foret <aurelien@archlinux.org>
165
166       •   Aaron Griffin <aaron@archlinux.org>
167
168       •   Dan McGee <dan@archlinux.org>
169
170       •   Xavier Chantry <shiningxc@gmail.com>
171
172       •   Nagy Gabor <ngaba@bibl.u-szeged.hu>
173
174       •   Dave Reisner <dreisner@archlinux.org>
175
176       For additional contributors, use git shortlog -s on the pacman.git
177       repository.
178
179
180
181Pacman 6.0.2                      2023-05-19                     PACMAN-KEY(8)
Impressum