.\" Automatically generated by Pandoc 2.14.0.3
.\"
.TH "RPMKEYS" "8" "29 October 2010" "" ""
.hy
.SH NAME
.PP
rpmkeys - RPM Keyring
.SH SYNOPSIS
.PP
\f[B]rpmkeys\f[R] {\f[B]--import|--checksig\f[R]}
.SH DESCRIPTION
.PP
The general forms of rpm digital signature commands are
.PP
\f[B]rpmkeys\f[R] \f[B]--import\f[R] \f[I]PUBKEY ...\f[R]
.PP
\f[B]rpmkeys\f[R] {\f[B]-K|--checksig\f[R]} \f[I]PACKAGE_FILE ...\f[R]
.PP
The \f[B]--checksig\f[R] option checks all the digests and signatures
contained in \f[I]PACKAGE_FILE\f[R] to ensure the integrity and origin
of the package.
Note that signatures are now verified whenever a package is read, and
\f[B]--checksig\f[R] is useful to verify all of the digests and
signatures associated with a package.
.PP
Digital signatures cannot be verified without a public key.
An ASCII armored public key can be added to the \f[B]rpm\f[R] database
using \f[B]--import\f[R].
An imported public key is carried in a header, and key ring management
is performed exactly like package management.
For example, all currently imported public keys can be displayed by:
.PP
\f[B]rpm -qa gpg-pubkey*\f[R]
.PP
Details about a specific public key, when imported, can be displayed by
querying.
Here\[aq]s information about the Red Hat GPG/DSA key:
.PP
\f[B]rpm -qi gpg-pubkey-db42a60e\f[R]
.PP
Finally, public keys can be erased after importing just like packages.
Here\[aq]s how to remove the Red Hat GPG/DSA key
.PP
\f[B]rpm -e gpg-pubkey-db42a60e\f[R]
.SH SEE ALSO
.IP
.nf
\f[C]
popt(3),
rpm(8),
rpmdb(8),
rpmsign(8),
rpm2cpio(8),
rpmbuild(8),
rpmspec(8),
\f[R]
.fi
.PP
\f[B]rpmkeys --help\f[R] - as rpm supports customizing the options via
popt aliases it\[aq]s impossible to guarantee that what\[aq]s described
in the manual matches what\[aq]s available.
.PP
\f[B]http://www.rpm.org/ \f[R]
.SH AUTHORS
.IP
.nf
\f[C]
Marc Ewing
Jeff Johnson
Erik Troan
Panu Matilainen
\f[R]
.fi