Provided by: pacman-package-manager_6.0.2-3_amd64 bug

NAME

       pacman-key - manage pacman's list of trusted keys

SYNOPSIS

       pacman-key [options] operation [targets]

DESCRIPTION

       pacman-key is a wrapper script for GnuPG used to manage pacman’s keyring, which is the
       collection of PGP keys used to check signed packages and databases. It provides the
       ability to import and export keys, fetch keys from keyservers and update the key trust
       database.

       More complex keyring management can be achieved using GnuPG directly combined with the
       --homedir option pointing at the pacman keyring (located in /etc/pacman.d/gnupg by
       default).

       Invoking pacman-key consists of supplying an operation with any potential options and
       targets to operate on. Depending on the operation, a target may be a valid key identifier,
       filename, or directory.

OPERATIONS

       -a, --add
           Add the key(s) contained in the specified file or files to pacman’s keyring. If a key
           already exists, update it.

       -d, --delete
           Remove the key(s) identified by the specified keyid(s) from pacman’s keyring.

       -e, --export
           Export key(s) identified by the specified keyid(s) to stdout. If no keyid is
           specified, all keys will be exported.

       --edit-key
           Present a menu for key management task on the specified keyid(s). Useful for adjusting
           a keys trust level.

       -f, --finger
           List a fingerprint for each specified keyid, or for all known keys if no keyids are
           specified.

       -h, --help
           Output syntax and command line options.

       --import
           Imports keys from pubring.gpg into the public keyring from the specified directories.

       --import-trustdb
           Imports ownertrust values from trustdb.gpg into the shared trust database from the
           specified directories.

       --init
           Ensure the keyring is properly initialized and has the required access permissions.

       -l, --list-keys
           Lists all or specified keys from the public keyring.

       --list-sigs
           Same as --list-keys, but the signatures are listed too.

       --lsign-key
           Locally sign the given key. This is primarily used to root the web of trust in the
           local private key generated by --init.

       --nocolor
           Disable colored output from pacman-key.

       -r, --recv-keys
           Equivalent to --recv-keys in GnuPG.

       --refresh-keys
           Equivalent to --refresh-keys in GnuPG.

       --populate
           Reload the default keys from the (optionally provided) keyrings in
           /usr/share/keyrings. For more information, see Providing a Keyring for Import below.

       -u, --updatedb
           Equivalent to --check-trustdb in GnuPG. This operation can be specified with other
           operations.

       -V, --version
           Displays the program version.

       -v, --verify
           Assume that the first argument is a signature and verify it. If a second argument is
           provided, it is the file to be verified.

           With only one argument given, assume that the signature is a detached signature, and
           look for a matching data file to verify by stripping the file extension. If no
           matching data file is found, fall back on GnuPG semantics and attempt to verify a file
           with an embedded signature.

OPTIONS

       --config <file>
           Use an alternate configuration file instead of the /etc/pacman.conf default.

       --gpgdir <dir>
           Set an alternate home directory for GnuPG. If unspecified, the value is read from
           /etc/pacman.conf.

       --keyserver <keyserver>
           Use the specified keyserver if the operation requires one. This will take precedence
           over any keyserver option specified in a gpg.conf configuration file. Running --init
           with this option will set the default keyserver if one was not already configured.

PROVIDING A KEYRING FOR IMPORT

       A distribution or other repository provided may want to provide a set of PGP keys used in
       the signing of its packages and repository databases that can be readily imported into the
       pacman keyring. This is achieved by providing a PGP keyring file foo.gpg that contains the
       keys for the foo keyring in the directory /usr/share/keyrings.

       Optionally, the file foo-trusted can be provided containing a list of trusted key IDs for
       that keyring. This is a file in a format compatible with gpg --export-ownertrust output.
       This file will inform the user which keys a user needs to verify and sign to build a local
       web of trust, in addition to assigning provided owner trust values.

       Also optionally, the file foo-revoked can be provided containing a list of revoked key IDs
       for that keyring. Revoked is defined as "no longer valid for any signing", so should be
       used with prudence. A key being marked as revoked will be disabled in the keyring and no
       longer treated as valid, so this always takes priority over it’s trusted state in any
       other keyring.

SEE ALSO

       pacman(8), pacman.conf(5)

       See the pacman website at https://archlinux.org/pacman/ for current information on pacman
       and its related tools.

BUGS

       Bugs? You must be kidding; there are no bugs in this software. But if we happen to be
       wrong, submit a bug report with as much detail as possible at the Arch Linux Bug Tracker
       in the Pacman section.

AUTHORS

       Current maintainers:

       •   Allan McRae <allan@archlinux.org>

       •   Andrew Gregory <andrew.gregory.8@gmail.com>

       •   Eli Schwartz <eschwartz@archlinux.org>

       •   Morgan Adamiec <morganamilo@archlinux.org>

       Past major contributors:

       •   Judd Vinet <jvinet@zeroflux.org>

       •   Aurelien Foret <aurelien@archlinux.org>

       •   Aaron Griffin <aaron@archlinux.org>

       •   Dan McGee <dan@archlinux.org>

       •   Xavier Chantry <shiningxc@gmail.com>

       •   Nagy Gabor <ngaba@bibl.u-szeged.hu>

       •   Dave Reisner <dreisner@archlinux.org>

       For additional contributors, use git shortlog -s on the pacman.git repository.