rpmkeys(8) RPM Keyring


rpmkeys {--import|--checksig}


The general forms of rpm digital signature commands are

rpmkeys --import PUBKEY ...

rpmkeys {-K|--checksig} PACKAGE_FILE ...

The --checksig option checks all the digests and signatures contained in PACKAGE_FILE to ensure the integrity and origin of the package. Note that signatures are now verified whenever a package is read, and --checksig is useful to verify all of the digests and signatures associated with a package.

Digital signatures cannot be verified without a public key. An ASCII armored public key can be added to the rpm database using --import. An imported public key is carried in a header, and key ring management is performed exactly like package management. For example, all currently imported public keys can be displayed by:

rpm -qa gpg-pubkey*

Details about a specific public key, when imported, can be displayed by querying. Here's information about the Red Hat GPG/DSA key:

rpm -qi gpg-pubkey-db42a60e

Finally, public keys can be erased after importing just like packages. Here's how to remove the Red Hat GPG/DSA key

rpm -e gpg-pubkey-db42a60e


Marc Ewing <[email protected]>
Jeff Johnson <[email protected]>
Erik Troan <[email protected]>
Panu Matilainen <[email protected]>