rpmkeys - Man Page
RPM Keyring
Synopsis
rpmkeys {-K|--checksig} [options] PACKAGE_FILE ...
rpmkeys {-d|--delete|-e|--erase} [options] FINGERPRINT ...
rpmkeys {-x|--export} [options] [FINGERPRINT ...]
rpmkeys {-i|--import} [options] PUBKEY ...
rpmkeys {-l|--list} [options] [FINGERPRINT ...]
rpmkeys --rebuild [options] [rebuild-options]
Description
rpmkeys is used for manipulating the rpm keyring and verifying package digital signatures with the contained keys.
For all available operations, see Operations.
Operations
- -K, --checksig
Verify the digests and signatures contained in PACKAGE_FILE to ensure the integrity and origin of the package.
- -d, --delete, -e, --erase
Erase the key(s) designated by FINGERPRINT.
- -x, --export
Output the key(s) designated by FINGERPRINT using an ASCII-armor encoding. If FINGERPRINT is not specified, output all keys.
- --import
Import ASCII-armored public keys. Digital signatures cannot be verified without the corresponding public key (aka certificate).
- -l, --list
List currently imported public key(s) (aka certificates) by their fingerprint and user ID. If no fingerprints are specified, list all keys.
- --rebuild
Recreate the public key storage. Update to the latest format and drop unreadable keys.
Arguments
- FINGERPRINT
The handle used for all operations on the keys.
- PACKAGE_FILE
An rpm package file or a manifest.
- PUBKEY
An ASCII-armored OpenPGP public key (aka certificate).
Options
See rpm-common(8) for the options common to all rpm executables.
Rebuild Options
- --from <fs|openpgp|rpmdb>
Use the keys from the specified backend to rebuild the currently configured keystore backend. This can be used to convert from one key storage to another.
Output
<_PACKAGE_FILE_>: <element> <element> <OK|NOT OK>
With --verbose:
<_PACKAGE_FILE_>:
<element>: <OK|NOTFOUND|BAD>
...<fingerprint> <name> <userid> public key
Configuration
There are several configurables affecting the behavior of this verification, see rpm-config(5) for details:
- %_keyring
- %_keyringpath
- %_pkgverify_flags
- %_pkgverify_level
Exit Status
On success, 0 is returned, a non-zero failure code otherwise.
Examples
rpmkeys --export 771b18d3d7baa28734333c424344591e1964c5fc | sq inspect
Export key 771b18d3d7baa28734333c424344591e1964c5fc for inspecting with sequoia-sq.
rpmkeys --erase 771b18d3d7baa28734333c424344591e1964c5fc
Erase key 771b18d3d7baa28734333c424344591e1964c5fc from the keyring.
rpmkeys -K hello-2.0-1.x86_64.rpm
Verify hello-2.0-1.x86_64.rpm package file.
See Also
popt(3), rpm(8), rpm-common(8), rpm-config(5), rpmsign(1)
rpmkeys --help - as rpm supports customizing the options via popt aliases it's impossible to guarantee that what's described in the manual matches what's available.
Referenced By
rpm(8), rpmbuild(1), rpm-common(8), rpmsign(1).