[apt.git] / doc / apt-key.8.xml

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY % aptent SYSTEM "apt.ent">
%aptent;

<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;

]>

<refentry>
 <refentryinfo>
   &apt-author.jgunthorpe;
   &apt-author.team;
   &apt-email;
   &apt-product;
   <!-- The last update date -->
   <date>2012-05-21T00:00:00Z</date>
 </refentryinfo>

 <refmeta>
   <refentrytitle>apt-key</refentrytitle>
   <manvolnum>8</manvolnum>
   <refmiscinfo class="manual">APT</refmiscinfo>
 </refmeta>
 
 <!-- Man page title -->
 <refnamediv>
    <refname>apt-key</refname>
    <refpurpose>APT key management utility</refpurpose>
 </refnamediv>

 &synopsis-command-apt-key;

 <refsect1><title>Description</title>
   <para>
   <command>apt-key</command> is used to manage the list of keys used
   by apt to authenticate packages.  Packages which have been
   authenticated using these keys will be considered trusted.
   </para>
</refsect1>

<refsect1><title>Commands</title>
   <variablelist>
     <varlistentry><term><option>add</option> <option>&synopsis-param-filename;</option></term>
     <listitem>
     <para>
       Add a new key to the list of trusted keys.
       The key is read from the filename given with the parameter
       &synopsis-param-filename; or if the filename is <literal>-</literal>
       from standard input.
     </para>

     </listitem>
     </varlistentry>

     <varlistentry><term><option>del</option> <option>&synopsis-param-keyid;</option></term>
     <listitem>
     <para>

       Remove a key from the list of trusted keys.

     </para>

     </listitem>
     </varlistentry>

     <varlistentry><term><option>export</option> <option>&synopsis-param-keyid;</option></term>
     <listitem>
     <para>

        Output the key &synopsis-param-keyid; to standard output.

     </para>

     </listitem>
     </varlistentry>

     <varlistentry><term><option>exportall</option></term>
     <listitem>
     <para>

        Output all trusted keys to standard output.

     </para>

     </listitem>
     </varlistentry>

     <varlistentry><term><option>list</option></term>
     <listitem>
     <para>

       List trusted keys.

     </para>

     </listitem>
     </varlistentry>
     
     <varlistentry><term><option>finger</option></term>
     <listitem>
     <para>

     List fingerprints of trusted keys.

     </para>

     </listitem>
     </varlistentry>
     
     <varlistentry><term><option>adv</option></term>
     <listitem>
     <para>

     Pass advanced options to gpg. With adv --recv-key you can download the 
	 public key.  

     </para>

     </listitem>
     </varlistentry>

     <varlistentry><term><option>update</option></term>
     <listitem>
     <para>

       Update the local keyring with the archive keyring and remove from
       the local keyring the archive keys which are no longer valid.
       The archive keyring is shipped in the <literal>archive-keyring</literal> package of your
       distribution, e.g. the <literal>debian-archive-keyring</literal> package in Debian.

     </para>

     </listitem>
     </varlistentry>
     
     <varlistentry><term><option>net-update</option></term>
     <listitem>
     <para>

       Work similar to the <command>update</command> command above, but get the
       archive keyring from an URI instead and validate it against a master key.

       This requires an installed &wget; and an APT build configured to have
       a server to fetch from and a master keyring to validate.

       APT in Debian does not support this command and relies on
       <command>update</command> instead, but Ubuntu's APT does.

     </para>

     </listitem>
     </varlistentry>
   </variablelist>
</refsect1>

 <refsect1><title>Options</title>
<para>Note that options need to be defined before the commands described in the previous section.</para>
   <variablelist>
      <varlistentry><term><option>--keyring</option> <option>&synopsis-param-filename;</option></term>
      <listitem><para>With this option it is possible to specify a specific keyring
      file the command should operate on. The default is that a command is executed
      on the <filename>trusted.gpg</filename> file as well as on all parts in the
      <filename>trusted.gpg.d</filename> directory, though <filename>trusted.gpg</filename>
      is the primary keyring which means that e.g. new keys are added to this one.
      </para></listitem>
      </varlistentry>
   </variablelist>
 </refsect1>

 <refsect1><title>Files</title>
   <variablelist>

     &file-trustedgpg;

     <varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term>
     <listitem><para>Local trust database of archive keys.</para></listitem>
     </varlistentry>

     <varlistentry><term><filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename></term>
     <listitem><para>Keyring of Debian archive trusted keys.</para></listitem>
     </varlistentry>

     <varlistentry><term><filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename></term>
     <listitem><para>Keyring of Debian archive removed trusted keys.</para></listitem>
     </varlistentry>

   </variablelist>

</refsect1>

<refsect1><title>See Also</title>
<para>
&apt-get;, &apt-secure;
</para>
</refsect1>

 &manbugs;
 &manauthor;

</refentry>
Commit	Line	Data
b3d44315	1	<?xml version="1.0" encoding="utf-8" standalone="no"?>
81cf16a2 DK	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
81cf16a2 DK	3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
b3d44315 MV	4
	5	<!ENTITY % aptent SYSTEM "apt.ent">
	6	%aptent;
	7
0c1a7101 DK	8	<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
	9	%aptverbatiment;
	10
b3d44315 MV	11	]>
	12
	13	<refentry>
45fb8bf7 DK	14	<refentryinfo>
	15	&apt-author.jgunthorpe;
	16	&apt-author.team;
	17	&apt-email;
	18	&apt-product;
	19	<!-- The last update date -->
	20	<date>2012-05-21T00:00:00Z</date>
	21	</refentryinfo>
	22
b3d44315 MV	23	<refmeta>
	24	<refentrytitle>apt-key</refentrytitle>
	25	<manvolnum>8</manvolnum>
f0599b9c	26	<refmiscinfo class="manual">APT</refmiscinfo>
b3d44315 MV	27	</refmeta>
	28
	29	<!-- Man page title -->
	30	<refnamediv>
	31	<refname>apt-key</refname>
	32	<refpurpose>APT key management utility</refpurpose>
	33	</refnamediv>
	34
6e8b4572	35	&synopsis-command-apt-key;
b3d44315 MV	36
	37	<refsect1><title>Description</title>
	38	<para>
	39	<command>apt-key</command> is used to manage the list of keys used
	40	by apt to authenticate packages. Packages which have been
	41	authenticated using these keys will be considered trusted.
	42	</para>
	43	</refsect1>
	44
	45	<refsect1><title>Commands</title>
	46	<variablelist>
2b9b27c3	47	<varlistentry><term><option>add</option> <option>&synopsis-param-filename;</option></term>
b3d44315 MV	48	<listitem>
b3d44315 MV	49	<para>
c086ac18 DK	50	Add a new key to the list of trusted keys.
	51	The key is read from the filename given with the parameter
	52	&synopsis-param-filename; or if the filename is <literal>-</literal>
	53	from standard input.
b3d44315 MV	54	</para>
	55
	56	</listitem>
	57	</varlistentry>
	58
2b9b27c3	59	<varlistentry><term><option>del</option> <option>&synopsis-param-keyid;</option></term>
b3d44315 MV	60	<listitem>
	61	<para>
	62
	63	Remove a key from the list of trusted keys.
	64
	65	</para>
	66
	67	</listitem>
	68	</varlistentry>
	69
2b9b27c3	70	<varlistentry><term><option>export</option> <option>&synopsis-param-keyid;</option></term>
bf6d5b42 OS	71	<listitem>
	72	<para>
	73
6e8b4572	74	Output the key &synopsis-param-keyid; to standard output.
bf6d5b42 OS	75
	76	</para>
	77
	78	</listitem>
	79	</varlistentry>
	80
2b9b27c3	81	<varlistentry><term><option>exportall</option></term>
bf6d5b42 OS	82	<listitem>
	83	<para>
	84
	85	Output all trusted keys to standard output.
	86
	87	</para>
	88
	89	</listitem>
	90	</varlistentry>
	91
2b9b27c3	92	<varlistentry><term><option>list</option></term>
b3d44315 MV	93	<listitem>
	94	<para>
	95
	96	List trusted keys.
d2793259	97
b3d44315 MV	98	</para>
b3d44315 MV	99
a8cabc8f LB	100	</listitem>
	101	</varlistentry>
	102
2b9b27c3	103	<varlistentry><term><option>finger</option></term>
a8cabc8f LB	104	<listitem>
	105	<para>
	106
	107	List fingerprints of trusted keys.
	108
	109	</para>
	110
	111	</listitem>
	112	</varlistentry>
	113
2b9b27c3	114	<varlistentry><term><option>adv</option></term>
a8cabc8f LB	115	<listitem>
	116	<para>
	117
	118	Pass advanced options to gpg. With adv --recv-key you can download the
	119	public key.
	120
	121	</para>
	122
b3d44315 MV	123	</listitem>
b3d44315 MV	124	</varlistentry>
d2793259	125
2b9b27c3	126	<varlistentry><term><option>update</option></term>
d2793259 MV	127	<listitem>
	128	<para>
	129
00c6e1a3 MV	130	Update the local keyring with the archive keyring and remove from
	131	the local keyring the archive keys which are no longer valid.
	132	The archive keyring is shipped in the <literal>archive-keyring</literal> package of your
	133	distribution, e.g. the <literal>debian-archive-keyring</literal> package in Debian.
d2793259 MV	134
	135	</para>
	136
	137	</listitem>
	138	</varlistentry>
f37e6374	139
2b9b27c3	140	<varlistentry><term><option>net-update</option></term>
f37e6374 JAK	141	<listitem>
	142	<para>
	143
00c6e1a3 MV	144	Work similar to the <command>update</command> command above, but get the
	145	archive keyring from an URI instead and validate it against a master key.
	146
	147	This requires an installed &wget; and an APT build configured to have
	148	a server to fetch from and a master keyring to validate.
	149
	150	APT in Debian does not support this command and relies on
	151	<command>update</command> instead, but Ubuntu's APT does.
f37e6374 JAK	152
	153	</para>
	154
	155	</listitem>
	156	</varlistentry>
d2793259 MV	157	</variablelist>
	158	</refsect1>
	159
46e39c8e MV	160	<refsect1><title>Options</title>
	161	<para>Note that options need to be defined before the commands described in the previous section.</para>
	162	<variablelist>
2b9b27c3	163	<varlistentry><term><option>--keyring</option> <option>&synopsis-param-filename;</option></term>
46e39c8e MV	164	<listitem><para>With this option it is possible to specify a specific keyring
	165	file the command should operate on. The default is that a command is executed
	166	on the <filename>trusted.gpg</filename> file as well as on all parts in the
2130caa8	167	<filename>trusted.gpg.d</filename> directory, though <filename>trusted.gpg</filename>
46e39c8e MV	168	is the primary keyring which means that e.g. new keys are added to this one.
	169	</para></listitem>
	170	</varlistentry>
	171	</variablelist>
	172	</refsect1>
	173
d2793259 MV	174	<refsect1><title>Files</title>
d2793259 MV	175	<variablelist>
46e39c8e MV	176
46e39c8e MV	177	&file-trustedgpg;
d2793259 MV	178
	179	<varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term>
	180	<listitem><para>Local trust database of archive keys.</para></listitem>
	181	</varlistentry>
	182
	183	<varlistentry><term><filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename></term>
	184	<listitem><para>Keyring of Debian archive trusted keys.</para></listitem>
	185	</varlistentry>
	186
	187	<varlistentry><term><filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename></term>
	188	<listitem><para>Keyring of Debian archive removed trusted keys.</para></listitem>
	189	</varlistentry>
	190
b3d44315	191	</variablelist>
d2793259	192
b3d44315 MV	193	</refsect1>
b3d44315 MV	194
d2793259 MV	195	<refsect1><title>See Also</title>
	196	<para>
	197	&apt-get;, &apt-secure;
	198	</para>
	199	</refsect1>
b3d44315 MV	200
	201	&manbugs;
	202	&manauthor;
	203
	204	</refentry>
	205