[apt.git] / doc / apt-key.8.xml

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [

<!ENTITY % aptent SYSTEM "apt.ent">
%aptent;

<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;

]>

<refentry>
 &apt-docinfo;
 
 <refmeta>
   <refentrytitle>apt-key</refentrytitle>
   <manvolnum>8</manvolnum>
   <refmiscinfo class="manual">APT</refmiscinfo>
 </refmeta>
 
 <!-- Man page title -->
 <refnamediv>
    <refname>apt-key</refname>
    <refpurpose>APT key management utility</refpurpose>
 </refnamediv>

 <!-- Arguments -->
 <refsynopsisdiv>
   <cmdsynopsis>
      <command>apt-key</command>
      <arg><option>--keyring <replaceable>filename</replaceable></option></arg>
      <arg><replaceable>command</replaceable></arg>
      <arg rep="repeat"><option><replaceable>arguments</replaceable></option></arg>
   </cmdsynopsis>
 </refsynopsisdiv>

 <refsect1><title>Description</title>
   <para>
   <command>apt-key</command> is used to manage the list of keys used
   by apt to authenticate packages.  Packages which have been
   authenticated using these keys will be considered trusted.
   </para>
</refsect1>

<refsect1><title>Commands</title>
   <variablelist>
     <varlistentry><term>add <replaceable>filename</replaceable></term>
     <listitem>
     <para>

       Add a new key to the list of trusted keys.  The key is read
       from <replaceable>filename</replaceable>, or standard input if
       <replaceable>filename</replaceable> is <literal>-</literal>.
     </para>

     </listitem>
     </varlistentry>

     <varlistentry><term>del <replaceable>keyid</replaceable></term>
     <listitem>
     <para>

       Remove a key from the list of trusted keys.

     </para>

     </listitem>
     </varlistentry>

     <varlistentry><term>export <replaceable>keyid</replaceable></term>
     <listitem>
     <para>

        Output the key <replaceable>keyid</replaceable> to standard output.

     </para>

     </listitem>
     </varlistentry>

     <varlistentry><term>exportall</term>
     <listitem>
     <para>

        Output all trusted keys to standard output.

     </para>

     </listitem>
     </varlistentry>

     <varlistentry><term>list</term>
     <listitem>
     <para>

       List trusted keys.

     </para>

     </listitem>
     </varlistentry>
     
	 <varlistentry><term>finger</term>
     <listitem>
     <para>

     List fingerprints of trusted keys.

     </para>

     </listitem>
     </varlistentry>
     
	 <varlistentry><term>adv</term>
     <listitem>
     <para>

     Pass advanced options to gpg. With adv --recv-key you can download the 
	 public key.  

     </para>

     </listitem>
     </varlistentry>

     <varlistentry><term>update</term>
     <listitem>
     <para>

       Update the local keyring with the archive keyring and remove from
       the local keyring the archive keys which are no longer valid.
       The archive keyring is shipped in the <literal>archive-keyring</literal> package of your
       distribution, e.g. the <literal>debian-archive-keyring</literal> package in Debian.

     </para>

     </listitem>
     </varlistentry>
     
     <varlistentry><term>net-update</term>
     <listitem>
     <para>

       Work similar to the <command>update</command> command above, but get the
       archive keyring from an URI instead and validate it against a master key.

       This requires an installed &wget; and an APT build configured to have
       a server to fetch from and a master keyring to validate.

       APT in Debian does not support this command and relies on
       <command>update</command> instead, but Ubuntu's APT does.

     </para>

     </listitem>
     </varlistentry>
   </variablelist>
</refsect1>

 <refsect1><title>Options</title>
<para>Note that options need to be defined before the commands described in the previous section.</para>
   <variablelist>
      <varlistentry><term>--keyring <replaceable>filename</replaceable></term>
      <listitem><para>With this option it is possible to specify a specific keyring
      file the command should operate on. The default is that a command is executed
      on the <filename>trusted.gpg</filename> file as well as on all parts in the
      <filename>trusted.gpg.d</filename> directory, through <filename>trusted.gpg</filename>
      is the primary keyring which means that e.g. new keys are added to this one.
      </para></listitem>
      </varlistentry>
   </variablelist>
 </refsect1>

 <refsect1><title>Files</title>
   <variablelist>

     &file-trustedgpg;

     <varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term>
     <listitem><para>Local trust database of archive keys.</para></listitem>
     </varlistentry>

     <varlistentry><term><filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename></term>
     <listitem><para>Keyring of Debian archive trusted keys.</para></listitem>
     </varlistentry>

     <varlistentry><term><filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename></term>
     <listitem><para>Keyring of Debian archive removed trusted keys.</para></listitem>
     </varlistentry>

   </variablelist>

</refsect1>

<refsect1><title>See Also</title>
<para>
&apt-get;, &apt-secure;
</para>
</refsect1>

 &manbugs;
 &manauthor;

</refentry>
Commit	Line	Data
b3d44315 MV	1	<?xml version="1.0" encoding="utf-8" standalone="no"?>
	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
	3	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
	4
	5	<!ENTITY % aptent SYSTEM "apt.ent">
	6	%aptent;
	7
0c1a7101 DK	8	<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
	9	%aptverbatiment;
	10
b3d44315 MV	11	]>
	12
	13	<refentry>
	14	&apt-docinfo;
	15
	16	<refmeta>
	17	<refentrytitle>apt-key</refentrytitle>
	18	<manvolnum>8</manvolnum>
f0599b9c	19	<refmiscinfo class="manual">APT</refmiscinfo>
b3d44315 MV	20	</refmeta>
	21
	22	<!-- Man page title -->
	23	<refnamediv>
	24	<refname>apt-key</refname>
	25	<refpurpose>APT key management utility</refpurpose>
	26	</refnamediv>
	27
	28	<!-- Arguments -->
	29	<refsynopsisdiv>
	30	<cmdsynopsis>
	31	<command>apt-key</command>
46e39c8e MV	32	<arg><option>--keyring <replaceable>filename</replaceable></option></arg>
46e39c8e MV	33	<arg><replaceable>command</replaceable></arg>
b3d44315 MV	34	<arg rep="repeat"><option><replaceable>arguments</replaceable></option></arg>
	35	</cmdsynopsis>
	36	</refsynopsisdiv>
	37
	38	<refsect1><title>Description</title>
	39	<para>
	40	<command>apt-key</command> is used to manage the list of keys used
	41	by apt to authenticate packages. Packages which have been
	42	authenticated using these keys will be considered trusted.
	43	</para>
	44	</refsect1>
	45
	46	<refsect1><title>Commands</title>
	47	<variablelist>
	48	<varlistentry><term>add <replaceable>filename</replaceable></term>
	49	<listitem>
	50	<para>
	51
	52	Add a new key to the list of trusted keys. The key is read
	53	from <replaceable>filename</replaceable>, or standard input if
	54	<replaceable>filename</replaceable> is <literal>-</literal>.
	55	</para>
	56
	57	</listitem>
	58	</varlistentry>
	59
	60	<varlistentry><term>del <replaceable>keyid</replaceable></term>
	61	<listitem>
	62	<para>
	63
	64	Remove a key from the list of trusted keys.
	65
	66	</para>
	67
	68	</listitem>
	69	</varlistentry>
	70
bf6d5b42 OS	71	<varlistentry><term>export <replaceable>keyid</replaceable></term>
	72	<listitem>
	73	<para>
	74
	75	Output the key <replaceable>keyid</replaceable> to standard output.
	76
	77	</para>
	78
	79	</listitem>
	80	</varlistentry>
	81
	82	<varlistentry><term>exportall</term>
	83	<listitem>
	84	<para>
	85
	86	Output all trusted keys to standard output.
	87
	88	</para>
	89
	90	</listitem>
	91	</varlistentry>
	92
b3d44315 MV	93	<varlistentry><term>list</term>
	94	<listitem>
	95	<para>
	96
	97	List trusted keys.
d2793259	98
b3d44315 MV	99	</para>
b3d44315 MV	100
a8cabc8f LB	101	</listitem>
	102	</varlistentry>
	103
	104	<varlistentry><term>finger</term>
	105	<listitem>
	106	<para>
	107
	108	List fingerprints of trusted keys.
	109
	110	</para>
	111
	112	</listitem>
	113	</varlistentry>
	114
	115	<varlistentry><term>adv</term>
	116	<listitem>
	117	<para>
	118
	119	Pass advanced options to gpg. With adv --recv-key you can download the
	120	public key.
	121
	122	</para>
	123
b3d44315 MV	124	</listitem>
b3d44315 MV	125	</varlistentry>
d2793259 MV	126
	127	<varlistentry><term>update</term>
	128	<listitem>
	129	<para>
	130
00c6e1a3 MV	131	Update the local keyring with the archive keyring and remove from
	132	the local keyring the archive keys which are no longer valid.
	133	The archive keyring is shipped in the <literal>archive-keyring</literal> package of your
	134	distribution, e.g. the <literal>debian-archive-keyring</literal> package in Debian.
d2793259 MV	135
	136	</para>
	137
	138	</listitem>
	139	</varlistentry>
f37e6374 JAK	140
	141	<varlistentry><term>net-update</term>
	142	<listitem>
	143	<para>
	144
00c6e1a3 MV	145	Work similar to the <command>update</command> command above, but get the
	146	archive keyring from an URI instead and validate it against a master key.
	147
	148	This requires an installed &wget; and an APT build configured to have
	149	a server to fetch from and a master keyring to validate.
	150
	151	APT in Debian does not support this command and relies on
	152	<command>update</command> instead, but Ubuntu's APT does.
f37e6374 JAK	153
	154	</para>
	155
	156	</listitem>
	157	</varlistentry>
d2793259 MV	158	</variablelist>
	159	</refsect1>
	160
46e39c8e MV	161	<refsect1><title>Options</title>
	162	<para>Note that options need to be defined before the commands described in the previous section.</para>
	163	<variablelist>
	164	<varlistentry><term>--keyring <replaceable>filename</replaceable></term>
	165	<listitem><para>With this option it is possible to specify a specific keyring
	166	file the command should operate on. The default is that a command is executed
	167	on the <filename>trusted.gpg</filename> file as well as on all parts in the
	168	<filename>trusted.gpg.d</filename> directory, through <filename>trusted.gpg</filename>
	169	is the primary keyring which means that e.g. new keys are added to this one.
	170	</para></listitem>
	171	</varlistentry>
	172	</variablelist>
	173	</refsect1>
	174
d2793259 MV	175	<refsect1><title>Files</title>
d2793259 MV	176	<variablelist>
46e39c8e MV	177
46e39c8e MV	178	&file-trustedgpg;
d2793259 MV	179
	180	<varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term>
	181	<listitem><para>Local trust database of archive keys.</para></listitem>
	182	</varlistentry>
	183
	184	<varlistentry><term><filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename></term>
	185	<listitem><para>Keyring of Debian archive trusted keys.</para></listitem>
	186	</varlistentry>
	187
	188	<varlistentry><term><filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename></term>
	189	<listitem><para>Keyring of Debian archive removed trusted keys.</para></listitem>
	190	</varlistentry>
	191
b3d44315	192	</variablelist>
d2793259	193
b3d44315 MV	194	</refsect1>
b3d44315 MV	195
d2793259 MV	196	<refsect1><title>See Also</title>
	197	<para>
	198	&apt-get;, &apt-secure;
	199	</para>
	200	</refsect1>
b3d44315 MV	201
	202	&manbugs;
	203	&manauthor;
	204
	205	</refentry>
	206