Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
PACMAN-KEY(8)			 Pacman	Manual			 PACMAN-KEY(8)

       pacman-key - manage pacman's list of trusted keys

       pacman-key [options] operation [targets]

       pacman-key is a wrapper script for GnuPG	used to	manage pacman's
       keyring,	which is the collection	of PGP keys used to check signed
       packages	and databases. It provides the ability to import and export
       keys, fetch keys	from keyservers	and update the key trust database.

       More complex keyring management can be achieved using GnuPG directly
       combined	with the --homedir option pointing at the pacman keyring
       (located	in /etc/pacman.d/gnupg by default).

       Invoking	pacman-key consists of supplying an operation with any
       potential options and targets to	operate	on. Depending on the
       operation, a target may be a valid key identifier, filename, or

       -a, --add
	   Add the key(s) contained in the specified file or files to pacman's
	   keyring. If a key already exists, update it.

       -d, --delete
	   Remove the key(s) identified	by the specified keyid(s) from
	   pacman's keyring.

       -e, --export
	   Export key(s) identified by the specified keyid(s) to stdout. If no
	   keyid is specified, all keys	will be	exported.

	   Present a menu for key management task on the specified keyid(s).
	   Useful for adjusting	a keys trust level.

       -f, --finger
	   List	a fingerprint for each specified keyid,	or for all known keys
	   if no keyids	are specified.

       -h, --help
	   Output syntax and command line options.

	   Imports keys	from pubring.gpg into the public keyring from the
	   specified directories.

	   Imports ownertrust values from trustdb.gpg into the shared trust
	   database from the specified directories.

	   Ensure the keyring is properly initialized and has the required
	   access permissions.

       -l, --list-keys
	   Lists all or	specified keys from the	public keyring.

	   Same	as --list-keys,	but the	signatures are listed too.

	   Locally sign	the given key. This is primarily used to root the web
	   of trust in the local private key generated by --init.

	   Disable colored output from pacman-key.

       -r, --recv-keys
	   Equivalent to --recv-keys in	GnuPG.

	   Equivalent to --refresh-keys	in GnuPG.

	   Reload the default keys from	the (optionally	provided) keyrings in
	   /usr/share/pacman/keyrings. For more	information, see Providing a
	   Keyring for Import below.

       -u, --updatedb
	   Equivalent to --check-trustdb in GnuPG. This	operation can be
	   specified with other	operations.

       -V, --version
	   Displays the	program	version.

       -v, --verify
	   Verify the file(s) specified	by the signature(s).

       --config	<file>
	   Use an alternate configuration file instead of the /etc/pacman.conf

       --gpgdir	<dir>
	   Set an alternate home directory for GnuPG. If unspecified, the
	   value is read from /etc/pacman.conf.

       --keyserver <keyserver>
	   Use the specified keyserver if the operation	requires one. This
	   will	take precedence	over any keyserver option specified in a
	   gpg.conf configuration file.	Running	--init with this option	will
	   set the default keyserver if	one was	not already configured.

       A distribution or other repository provided may want to provide a set
       of PGP keys used	in the signing of its packages and repository
       databases that can be readily imported into the pacman keyring. This is
       achieved	by providing a PGP keyring file	foo.gpg	that contains the keys
       for the foo keyring in the directory /usr/share/pacman/keyrings.

       Optionally, the file foo-trusted	can be provided	containing a list of
       trusted key IDs for that	keyring. This is a file	in a format compatible
       with gpg	--export-ownertrust output. This file will inform the user
       which keys a user needs to verify and sign to build a local web of
       trust, in addition to assigning provided	owner trust values.

       Also optionally,	the file foo-revoked can be provided containing	a list
       of revoked key IDs for that keyring. Revoked is defined as "no longer
       valid for any signing", so should be used with prudence.	A key being
       marked as revoked will be disabled in the keyring and no	longer treated
       as valid, so this always	takes priority over it's trusted state in any
       other keyring.

       pacman(8), pacman.conf(5)

       See the pacman website at for current
       information on pacman and its related tools.

       Bugs? You must be kidding; there	are no bugs in this software. But if
       we happen to be wrong, send us an email with as much detail as possible

       Current maintainers:

       o   Allan McRae <>

       o   Andrew Gregory <>

       o   Dan McGee <>

       o   Dave	Reisner	<>

       Past major contributors:

       o   Judd	Vinet <>

       o   Aurelien Foret <>

       o   Aaron Griffin <>

       o   Xavier Chantry <>

       o   Nagy	Gabor <>

       For additional contributors, use	git shortlog -s	on the pacman.git

Pacman 5.1.3			  2019-03-01			 PACMAN-KEY(8)


Want to link to this manual page? Use this URL:

home | help