doc/apt-key.8.xml

   1 <?xml version="1.0" encoding="utf-8" standalone="no"?>
   2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
   3   "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
   4
   5 <!ENTITY % aptent SYSTEM "apt.ent">
   6 %aptent;
   7
   8 <!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
   9 %aptverbatiment;
  10
  11 ]>
  12
  13 <refentry>
  14  &apt-docinfo;
  15
  16  <refmeta>
  17    <refentrytitle>apt-key</refentrytitle>
  18    <manvolnum>8</manvolnum>
  19    <refmiscinfo class="manual">APT</refmiscinfo>
  20  </refmeta>
  21
  22  <!-- Man page title -->
  23  <refnamediv>
  24     <refname>apt-key</refname>
  25     <refpurpose>APT key management utility</refpurpose>
  26  </refnamediv>
  27
  28  &synopsis-command-apt-key;
  29
  30  <refsect1><title>Description</title>
  31    <para>
  32    <command>apt-key</command> is used to manage the list of keys used
  33    by apt to authenticate packages.  Packages which have been
  34    authenticated using these keys will be considered trusted.
  35    </para>
  36 </refsect1>
  37
  38 <refsect1><title>Commands</title>
  39    <variablelist>
  40      <varlistentry><term>add &synopsis-param-filename;</term>
  41      <listitem>
  42      <para>
  43
  44        Add a new key to the list of trusted keys.  The key is read
  45        from &synopsis-param-filename;, or standard input if
  46        &synopsis-param-filename; is <literal>-</literal>.
  47      </para>
  48
  49      </listitem>
  50      </varlistentry>
  51
  52      <varlistentry><term>del &synopsis-param-keyid;</term>
  53      <listitem>
  54      <para>
  55
  56        Remove a key from the list of trusted keys.
  57
  58      </para>
  59
  60      </listitem>
  61      </varlistentry>
  62
  63      <varlistentry><term>export &synopsis-param-keyid;</term>
  64      <listitem>
  65      <para>
  66
  67         Output the key &synopsis-param-keyid; to standard output.
  68
  69      </para>
  70
  71      </listitem>
  72      </varlistentry>
  73
  74      <varlistentry><term>exportall</term>
  75      <listitem>
  76      <para>
  77
  78         Output all trusted keys to standard output.
  79
  80      </para>
  81
  82      </listitem>
  83      </varlistentry>
  84
  85      <varlistentry><term>list</term>
  86      <listitem>
  87      <para>
  88
  89        List trusted keys.
  90
  91      </para>
  92
  93      </listitem>
  94      </varlistentry>
  95
  96          <varlistentry><term>finger</term>
  97      <listitem>
  98      <para>
  99
 100      List fingerprints of trusted keys.
 101
 102      </para>
 103
 104      </listitem>
 105      </varlistentry>
 106
 107          <varlistentry><term>adv</term>
 108      <listitem>
 109      <para>
 110
 111      Pass advanced options to gpg. With adv --recv-key you can download the
 112          public key.
 113
 114      </para>
 115
 116      </listitem>
 117      </varlistentry>
 118
 119      <varlistentry><term>update</term>
 120      <listitem>
 121      <para>
 122
 123        Update the local keyring with the archive keyring and remove from
 124        the local keyring the archive keys which are no longer valid.
 125        The archive keyring is shipped in the <literal>archive-keyring</literal> package of your
 126        distribution, e.g. the <literal>debian-archive-keyring</literal> package in Debian.
 127
 128      </para>
 129
 130      </listitem>
 131      </varlistentry>
 132
 133      <varlistentry><term>net-update</term>
 134      <listitem>
 135      <para>
 136
 137        Work similar to the <command>update</command> command above, but get the
 138        archive keyring from an URI instead and validate it against a master key.
 139
 140        This requires an installed &wget; and an APT build configured to have
 141        a server to fetch from and a master keyring to validate.
 142
 143        APT in Debian does not support this command and relies on
 144        <command>update</command> instead, but Ubuntu's APT does.
 145
 146      </para>
 147
 148      </listitem>
 149      </varlistentry>
 150    </variablelist>
 151 </refsect1>
 152
 153  <refsect1><title>Options</title>
 154 <para>Note that options need to be defined before the commands described in the previous section.</para>
 155    <variablelist>
 156       <varlistentry><term>--keyring &synopsis-param-filename;</term>
 157       <listitem><para>With this option it is possible to specify a specific keyring
 158       file the command should operate on. The default is that a command is executed
 159       on the <filename>trusted.gpg</filename> file as well as on all parts in the
 160       <filename>trusted.gpg.d</filename> directory, though <filename>trusted.gpg</filename>
 161       is the primary keyring which means that e.g. new keys are added to this one.
 162       </para></listitem>
 163       </varlistentry>
 164    </variablelist>
 165  </refsect1>
 166
 167  <refsect1><title>Files</title>
 168    <variablelist>
 169
 170      &file-trustedgpg;
 171
 172      <varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term>
 173      <listitem><para>Local trust database of archive keys.</para></listitem>
 174      </varlistentry>
 175
 176      <varlistentry><term><filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename></term>
 177      <listitem><para>Keyring of Debian archive trusted keys.</para></listitem>
 178      </varlistentry>
 179
 180      <varlistentry><term><filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename></term>
 181      <listitem><para>Keyring of Debian archive removed trusted keys.</para></listitem>
 182      </varlistentry>
 183
 184    </variablelist>
 185
 186 </refsect1>
 187
 188 <refsect1><title>See Also</title>
 189 <para>
 190 &apt-get;, &apt-secure;
 191 </para>
 192 </refsect1>
 193
 194  &manbugs;
 195  &manauthor;
 196
 197 </refentry>
 198