“pacman-key” is a wrapper script for GnuPG (Gnu Privacy Guard), a popular encryption and signing tool, used to manage pacman’s keyring in Arch Linux and its derivatives. The pacman-key utility is used to manage the GnuPG keys that are used to authenticate packages in the pacman package manager.
Pacman uses GnuPG keys to ensure the authenticity of the packages it installs. The keys are used to sign the packages, and pacman verifies the signatures before installing a package to ensure that the package has not been tampered with and came from a trusted source.
“pacman-key” provides several options to manage the pacman keyring, including:
- Initializing the keyring: This option generates a new keyring and sets up the necessary permissions to use GnuPG with pacman.
- Adding keys: This option adds new GnuPG keys to the pacman keyring, allowing the user to authenticate packages from additional sources.
- Listing keys: This option displays a list of all the GnuPG keys in the pacman keyring, along with their fingerprints and other information.
- Deleting keys: This option allows the user to remove GnuPG keys from the pacman keyring.
pacman-key Command Examples
1. Initialize the pacman keyring:
# sudo pacman-key --init
2. Add the default Arch Linux keys:
# sudo pacman-key --populate archlinux
3. List keys from the public keyring:
# pacman-key --list-keys
4. Add the specified keys:
# sudo pacman-key --add path/to/keyfile.gpg
5. Receive a key from a key server:
# sudo pacman-key --recv-keys "uid|name|email"
6. Print the fingerprint of a specific key:
# pacman-key --finger "uid|name|email"
7. Sign an imported key locally:
# sudo pacman-key --lsign-key "uid|name|email"
8. Remove a specific key:
# sudo pacman-key --delete "uid|name|email"