How to use the command `pacman-key` (with examples)


The pacman-key command is a wrapper script for GnuPG that is used to manage pacman’s keyring in Arch Linux. It allows users to initialize the keyring, add and remove keys, list keys, receive keys from key servers, and perform other key-related operations.

Use case 1: Initialize the pacman keyring

Code:

sudo pacman-key --init

Motivation: This use case is necessary when setting up a new Arch Linux system or when the keyring needs to be re-initialized.

Explanation: The --init option creates the pacman keyring under /etc/pacman.d/gnupg and generates a local master key for it, as the output below shows.

Example output:

gpg: keyring `/etc/pacman.d/gnupg/pubring.gpg' created
gpg: Generating pacman keyring master key...
gpg: key B724E9E3E6F6DE4A marked as ultimately trusted
gpg: directory `/etc/pacman.d/gnupg/private-keys-v1.d' created
gpg: Done

Use case 2: Add the default Arch Linux keys

Code:

sudo pacman-key --populate archlinux

Motivation: This use case is necessary to add the default Arch Linux keys to the keyring.

Explanation: The --populate archlinux option loads the default Arch Linux keys into the keyring, locally signs the trusted ones, and disables any that have been revoked, as the output below shows.

Example output:

==> Updating trust database...
gpg: next trustdb check due at 2023-09-09
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key BDB22CE741178C2E35A7F61A7B82E0DC6E90DCF0...
  -> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
  -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
  -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
  -> Locally signing key CDFD6BB0AAF21E5D451E5298F076F22A648A560E...
  -> Locally signing key 6D1655C14CE1C7E1E80B6933C1B8775E00CF01A6...
  -> Locally signing key 7F2D434B9741E8ACAAFAA3EB7B9E5C97EDB22A84...
:: Importing keys with gpg...
-> Appending imported keys...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabling key A57D 1BBB 1C955 58B7 F963  7B01 61C2 6C95 EAFD 249B...
  -> Disabling key 39F0 9162 5A04 E423 8BCD  998E 5EFE 7A52 16AB 2CFB...
  -> Disabling key 44D4 05B5 85ED 2C6C E8BC  BF99 5E76 2E8B 68FE 94B0...
  -> Disabling key 76B9 7270 B46B 47C2 18AC  CA63 FCD3 A5DF 6D1B 5FA6...
  -> Disabling key 2D1452A8A135C000...
  -> Disabling key E7210A59715F6940...
  -> Disabling key 0E8B 644D 424C 8C5B E16A  96F5 6A4F 35FF 48DB 3FDF...
  -> Disabling key 5A97 6DE0 DCF2 43E4 B46F  34FD 0803 5B96 4D0A A5A7...
==> Updating trust database...
gpg: next trustdb check due at 2023-09-09
==> Removing revoked keys from keyring...
  -> Removing key 5A97 6DE0 DCF2 43E4 B46F  34FD 0803 5B96 4D0A A5A7...
  -> Removing key 0E8B 644D 424C 8C5B E16A  96F5 6A4F 35FF 48DB 3FDF...
  -> Removing key E7210A59715F6940...
  -> Removing key 2D1452A8A135C000...
  -> Removing key 76B9 7270 B46B 47C2 18AC  CA63 FCD3 A5DF 6D1B 5FA6...
  -> Removing key 44D4 05B5 85ED 2C6C E8BC  BF99 5E76 2E8B 68FE 94B0...
  -> Removing key 39F0 9162 5A04 E423 8BCD  998E 5EFE 7A52 16AB 2CFB...
  -> Removing key A57D 1BBB 1C955 58B7 F963  7B01 61C2 6C95 EAFD 249B...

Use case 3: List keys from the public keyring

Code:

pacman-key --list-keys

Motivation: This use case is useful for retrieving a list of all the keys in the public keyring.

Explanation: The --list-keys option is used to list all the keys in the public keyring.

Example output:

pub   rsa4096 2020-09-23 [SC]
      20E8 3001 5093 731D A982  B297 78D7 6D00 4BA2 EAE3
uid           [ unknown] Docker Release (CE deb) <docker@docker.com>
sub   rsa4096 2020-09-23 [E]
sub   rsa4096 2020-09-23 [A]

pub   rsa2048 2015-09-06 [SC]
      0C49 F373 0359 0EEA 4DE7  F848 9B96 06FF 354E 82F2
uid           [ unknown] Arch Linux ARM Build System <builder@archlinuxarm.org>
sub   rsa2048 2015-09-06 [E]

Use case 4: Add the specified keys

Code:

sudo pacman-key --add path/to/keyfile.gpg

Motivation: This use case is necessary when you have a specific key that you want to add to the keyring.

Explanation: The --add option is used to add the specified key from path/to/keyfile.gpg to the keyring.

Example output:

==> Locally signing key AABBCCDDEEFF0011...
  -> Locally signing key AABBCCDDEEFF0011...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabling key AABBCCDDEEFF0011...
==> Updating trust database...
gpg: next trustdb check due at 2023-09-09
==> Removing revoked keys from keyring...
  -> Removing key AABBCCDDEEFF0011...

Use case 5: Receive a key from a key server

Code:

sudo pacman-key --recv-keys "uid|name|email"

Motivation: This use case is necessary when you want to receive a key from a key server.

Explanation: The --recv-keys option is used to receive a key from a key server based on the specified user ID, name, or email.

Example output:

==> Retrieving required keys from keyservers...
:: Import PGP key 0123456789ABCDEF, "John Doe <johndoe@example.com>"? [Y/n]
:: Import PGP key 9876543210FEDCBA, "Jane Smith <janesmith@example.com>"? [Y/n]
==> Checking keyring...
==> Checking integrity...
==> Loading package...

Use case 6: Print the fingerprint of a specific key

Code:

pacman-key --finger "uid|name|email"

Motivation: This use case is useful when you want to verify the fingerprint of a specific key.

Explanation: The --finger option is used to print the fingerprint of a specific key based on the specified user ID, name, or email.

Example output:

key fingerprint = AABBCCDDEEFF0011

Use case 7: Sign an imported key locally

Code:

sudo pacman-key --lsign-key "uid|name|email"

Motivation: Locally signing an imported key marks it as trusted on this system, so check the key's fingerprint before you sign it.

Explanation: The --lsign-key option is used to locally sign an imported key based on the specified user ID, name, or email.

Example output:

==> Locally signing key AABBCCDDEEFF0011...
  -> Locally signing key AABBCCDDEEFF0011...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabling key AABBCCDDEEFF0011...
==> Updating trust database...
gpg: next trustdb check due at 2023-09-09
==> Removing revoked keys from keyring...
  -> Removing key AABBCCDDEEFF0011...
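
The check that use cases 5 to 7 imply, as an added example that is not part of the original page: compare the fingerprint that `pacman-key --finger` reports with one obtained out of band, and run `--lsign-key` only on a match. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): gate --lsign-key on a fingerprint check.

# Strip whitespace and uppercase, so "0123 4567 ..." and "01234567..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `pacman-key --finger` output on stdin; print one 40-hex fingerprint per line.
# Handles the bare fingerprint line and the older "Key fingerprint = ..." form.
extract_fprs() {
    sed -e 's/^[[:space:]]*[Kk]ey fingerprint =//' -e 's/[[:space:]]//g' |
        grep -E '^[0-9A-Fa-f]{40}$' | tr '[:lower:]' '[:upper:]'
}

# fpr_matches EXPECTED < finger-output
# 0 = exactly one key listed and it matches; 1 = mismatch;
# 2 = EXPECTED is not a full 40-digit fingerprint (short key IDs are refused);
# 3 = the search matched zero keys or more than one.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    found=$(extract_fprs)
    printf '%s\n' "$expected" | grep -Eq '^[0-9A-F]{40}$' || return 2
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 3
    [ "$found" = "$expected" ]
}

# Hypothetical wrapper: $1 is the uid/name/email search term, $2 the fingerprint
# obtained out of band. Signing is done by full fingerprint, not by the search
# term, so a second key carrying the same name cannot be signed by accident.
verify_and_lsign() {
    pacman-key --finger "$1" | fpr_matches "$2" || {
        echo "fingerprint check failed for '$1'; not signing" >&2
        return 1
    }
    sudo pacman-key --lsign-key "$(normalize_fpr "$2")"
}

# Constructed sample output (placeholder fingerprint, not a real key).
SAMPLE='pub   rsa4096 2020-01-01 [SC]
      0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567
uid           [ unknown] Example Packager <packager@example.com>'

if printf '%s\n' "$SAMPLE" | fpr_matches '0123456789abcdef0123456789abcdef01234567'; then
    echo "sample: fingerprint matches"
fi
```
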

Use case 8: Remove a specific key

Code:

sudo pacman-key --delete "uid|name|email"

Motivation: This use case is necessary when you want to remove a specific key from the keyring.

Explanation: The --delete option is used to remove the specified key based on the specified user ID, name, or email.

Example output:

==> Removing key AABBCCDDEEFF0011...

Conclusion:

The pacman-key command is a versatile tool for managing pacman’s keyring in Arch Linux. It provides a range of options for initializing the keyring, adding and removing keys, listing keys, receiving keys from key servers, and performing other key-related operations. By understanding and utilizing these use cases, users can effectively manage the security of their Arch Linux system.
