X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/6b3ddbd059c403efeb40d81c29f2cae6e8f5b1bf..c2fb49ca1783b9ea2dd8b7cb90a2284750076c65:/doc/apt-key.8.xml
diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml
index 57200b1ed..eacd18d4d 100644
--- a/doc/apt-key.8.xml
+++ b/doc/apt-key.8.xml
@@ -13,7 +13,7 @@
&apt-email;
&apt-product;
- 2016-07-07T00:00:00Z
+ 2016-11-25T00:00:00Z
@@ -47,6 +47,20 @@
+Supported keyring files
+apt-key supports only the binary OpenPGP format (also known as "GPG key
+ public ring") in files with the "gpg" extension, not
+ the keybox database format introduced in newer &gpg; versions as default
+ for keyring files. Binary keyring files intended to be used with any apt
+ version should therefore always be created with gpg --export.
+
+Alternatively, if all systems which should be using the created keyring
+ have at least apt version >= 1.4 installed, you can use the ASCII armored
+ format with the "asc" extension instead which can be
+ created with gpg --armor --export.
+
+
+
Commands
@@ -63,10 +77,10 @@
otherwise the &apt-secure; infrastructure is completely undermined.
- Instead of using this command a keyring can be placed directly in the
- /etc/apt/trusted.gpg.d/ directory with a descriptive name
- (same rules for filename apply as for &apt-conf; files) and "gpg"
- as file extension.
+ Note: Instead of using this command a keyring
+ should be placed directly in the /etc/apt/trusted.gpg.d/
+ directory with a descriptive name and either "gpg" or
+ "asc" as file extension.
@@ -139,7 +153,7 @@
Note that a distribution does not need to and in fact should not use
this command any longer and instead ship keyring files in the
- /etc/apt/trusted.gpg directory directly as this
+ /etc/apt/trusted.gpg.d/ directory directly as this
avoids a dependency on gnupg and it is easier to manage
keys by simply adding and removing files for maintainers and users alike.