.TH "RPMKEYS" "8" "29 October 2010" "Red Hat, Inc"
.SH NAME
rpmkeys \- RPM Keyring
.SH SYNOPSIS
.PP
\fBrpmkeys\fR {\fB--import|--checksig\fR}
.SH "DESCRIPTION"
.PP
The general forms of rpm digital signature commands are
.PP
\fBrpmkeys\fR \fB--import\fR \fB\fIPUBKEY\fB\fR\fI ...\fR
\fBrpmkeys\fR {\fB-K|--checksig\fR} \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
.\" These are not implemented yet...
.\" \fBrpm\fR \fB--list-key[s]\fR \fB\fIKEY_ID\fB\fR\fI ...\fR
.\"
.\" \fBrpm\fR \fB--delete-key[s]\fR \fB\fIKEY_ID\fB\fR\fI ...\fR
.\"
.PP
The \fB--checksig\fR option checks all the digests and signatures contained in
\fIPACKAGE_FILE\fR to ensure
the integrity and origin of the package. Note that
signatures are now verified whenever a package is read,
and \fB--checksig\fR is useful to verify
all of the digests and signatures associated with a package.
.PP
Digital signatures cannot be verified without a public key.
An ASCII armored public key can be added to the \fBrpm\fR database
using \fB--import\fR. An imported public key is
carried in a header, and key ring management is performed
exactly like package management. For example, all currently imported
public keys can be displayed by:
.PP
\fBrpm -qa gpg-pubkey*\fR
.PP
Details about a specific public key, when imported, can be displayed
by querying. Here's information about the Red Hat GPG/DSA key:
.PP
\fBrpm -qi gpg-pubkey-db42a60e\fR
.PP
Finally, public keys can be erased after importing just like
packages. Here's how to remove the Red Hat GPG/DSA key
.PP
\fBrpm -e gpg-pubkey-db42a60e\fR
.PP
.SH "SEE ALSO"
.nf
\fBpopt\fR(3),
\fBrpm\fR(8),
\fBrpmdb\fR(8),
\fBrpmsign\fR(8),
\fBrpm2cpio\fR(8),
\fBrpmbuild\fR(8),
\fBrpmspec\fR(8),
.fi
\fBrpmkeys --help\fR - as rpm supports customizing the options via popt aliases
it's impossible to guarantee that what's described in the manual matches
what's available.
\fBhttp://www.rpm.org/
\fR
.SH "AUTHORS"
.nf
Marc Ewing
Jeff Johnson
Erik Troan
Panu Matilainen
.fi