doc/apt-key.8.xml

   1 <?xml version="1.0" encoding="utf-8" standalone="no"?>
   2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
   3   "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
   4
   5 <!ENTITY % aptent SYSTEM "apt.ent">
   6 %aptent;
   7
   8 <!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
   9 %aptverbatiment;
  10
  11 ]>
  12
  13 <refentry>
  14  &apt-docinfo;
  15
  16  <refmeta>
  17    <refentrytitle>apt-key</refentrytitle>
  18    <manvolnum>8</manvolnum>
  19    <refmiscinfo class="manual">APT</refmiscinfo>
  20  </refmeta>
  21
  22  <!-- Man page title -->
  23  <refnamediv>
  24     <refname>apt-key</refname>
  25     <refpurpose>APT key management utility</refpurpose>
  26  </refnamediv>
  27
  28  <!-- Arguments -->
  29  <refsynopsisdiv>
  30    <cmdsynopsis>
  31       <command>apt-key</command>
  32       <arg><option>--keyring <replaceable>filename</replaceable></option></arg>
  33       <arg><replaceable>command</replaceable></arg>
  34       <arg rep="repeat"><option><replaceable>arguments</replaceable></option></arg>
  35    </cmdsynopsis>
  36  </refsynopsisdiv>
  37
  38  <refsect1><title>Description</title>
  39    <para>
  40    <command>apt-key</command> is used to manage the list of keys used
  41    by apt to authenticate packages.  Packages which have been
  42    authenticated using these keys will be considered trusted.
  43    </para>
  44 </refsect1>
  45
  46 <refsect1><title>Commands</title>
  47    <variablelist>
  48      <varlistentry><term>add <replaceable>filename</replaceable></term>
  49      <listitem>
  50      <para>
  51
  52        Add a new key to the list of trusted keys.  The key is read
  53        from <replaceable>filename</replaceable>, or standard input if
  54        <replaceable>filename</replaceable> is <literal>-</literal>.
  55      </para>
  56
  57      </listitem>
  58      </varlistentry>
  59
  60      <varlistentry><term>del <replaceable>keyid</replaceable></term>
  61      <listitem>
  62      <para>
  63
  64        Remove a key from the list of trusted keys.
  65
  66      </para>
  67
  68      </listitem>
  69      </varlistentry>
  70
  71      <varlistentry><term>export <replaceable>keyid</replaceable></term>
  72      <listitem>
  73      <para>
  74
  75         Output the key <replaceable>keyid</replaceable> to standard output.
  76
  77      </para>
  78
  79      </listitem>
  80      </varlistentry>
  81
  82      <varlistentry><term>exportall</term>
  83      <listitem>
  84      <para>
  85
  86         Output all trusted keys to standard output.
  87
  88      </para>
  89
  90      </listitem>
  91      </varlistentry>
  92
  93      <varlistentry><term>list</term>
  94      <listitem>
  95      <para>
  96
  97        List trusted keys.
  98
  99      </para>
 100
 101      </listitem>
 102      </varlistentry>
 103
 104          <varlistentry><term>finger</term>
 105      <listitem>
 106      <para>
 107
 108      List fingerprints of trusted keys.
 109
 110      </para>
 111
 112      </listitem>
 113      </varlistentry>
 114
 115          <varlistentry><term>adv</term>
 116      <listitem>
 117      <para>
 118
 119      Pass advanced options to gpg. With adv --recv-key you can download the
 120          public key.
 121
 122      </para>
 123
 124      </listitem>
 125      </varlistentry>
 126
 127      <varlistentry><term>update</term>
 128      <listitem>
 129      <para>
 130
 131        Update the local keyring with the keyring of Debian archive
 132        keys and removes from the keyring the archive keys which are no
 133        longer valid.
 134
 135      </para>
 136
 137      </listitem>
 138      </varlistentry>
 139
 140      <varlistentry><term>net-update</term>
 141      <listitem>
 142      <para>
 143
 144        Update the local keyring with the keys of a key server
 145        and removes from the keyring the archive keys which are no
 146        longer valid. This requires an installed wget and an APT
 147        build configured to have a server to fetch from. APT in
 148        Debian does not support this command, but Ubuntu's APT
 149        does.
 150
 151      </para>
 152
 153      </listitem>
 154      </varlistentry>
 155    </variablelist>
 156 </refsect1>
 157
 158  <refsect1><title>Options</title>
 159 <para>Note that options need to be defined before the commands described in the previous section.</para>
 160    <variablelist>
 161       <varlistentry><term>--keyring <replaceable>filename</replaceable></term>
 162       <listitem><para>With this option it is possible to specify a specific keyring
 163       file the command should operate on. The default is that a command is executed
 164       on the <filename>trusted.gpg</filename> file as well as on all parts in the
 165       <filename>trusted.gpg.d</filename> directory, through <filename>trusted.gpg</filename>
 166       is the primary keyring which means that e.g. new keys are added to this one.
 167       </para></listitem>
 168       </varlistentry>
 169    </variablelist>
 170  </refsect1>
 171
 172  <refsect1><title>Files</title>
 173    <variablelist>
 174
 175      &file-trustedgpg;
 176
 177      <varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term>
 178      <listitem><para>Local trust database of archive keys.</para></listitem>
 179      </varlistentry>
 180
 181      <varlistentry><term><filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename></term>
 182      <listitem><para>Keyring of Debian archive trusted keys.</para></listitem>
 183      </varlistentry>
 184
 185      <varlistentry><term><filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename></term>
 186      <listitem><para>Keyring of Debian archive removed trusted keys.</para></listitem>
 187      </varlistentry>
 188
 189    </variablelist>
 190
 191 </refsect1>
 192
 193 <refsect1><title>See Also</title>
 194 <para>
 195 &apt-get;, &apt-secure;
 196 </para>
 197 </refsect1>
 198
 199  &manbugs;
 200  &manauthor;
 201
 202 </refentry>
 203