Project:Gentoo-keys/gkeys
Main help
gkeys -h
usage: gkeys [-h] [-c CONFIG] [-D {WARNING,INFO,FATAL,NOTSET,WARN,DEBUG,ERROR,CRITICAL}] [subcommand] [subcommand-option,...]
Gentoo-keys manager program
optional arguments:
  -h, --help  show this help message and exit
  -c CONFIG, --config CONFIG  The path to an alternate config file
  -D {WARNING,INFO,FATAL,NOTSET,WARN,DEBUG,ERROR,CRITICAL}, --debug {WARNING,INFO,FATAL,NOTSET,WARN,DEBUG,ERROR,CRITICAL}  The logging level to set for the logfile
Subcommands:
  Valid subcommands   Additional help
  ---general---       -----< general actions >------
  sign                Sign a file
  verify              File verification action
  ----keys-----       -------< key actions >--------
  check-key           Check keys actions
  import-key          Add a specified key to a specified keyring
  installed           Lists the installed key directories
  install-key         Install a key from the seed(s)
  search-key          Search for a key's seed field in the installed keys db
  list-key            Pretty-print the selected seed file or nick
  move-key            Rename an installed key
  refresh-key         Calls gpg with the --refresh-keys option
  remove-key          Remove an installed key
  spec-check          Check keys actions
  ----seeds----       ------< seed actions >-------
  add-seed            Add or replace a key in the selected seed file(s)
  fetch-seed          Download the selected seed file(s)
  list-cats           List seed file definitions found in the config
  list-seed           Pretty-print the selected seed file(s)
  list-seedfiles      List seed files found in the configured seed directory
  move-seed           Move keys between seed files
  remove-seed         Remove a key from the selected seed file(s)
CAUTION: adding UNTRUSTED keys can be HAZARDOUS to your system!
General Actions
gkeys sign -h
usage: gkeys sign [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-f FINGERPRINT [FINGERPRINT ...]] [-F FILENAME [FILENAME ...]] [-k KEYRING]
Sign a file
optional arguments:
-h, --help show this help message and exit
Signing key info (one or more of nick, name, fingerprint as appropriate)
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
Target file to sign
  -F FILENAME [FILENAME ...], --file FILENAME [FILENAME ...]  The path/URL to use for the (signed) file
gkeys verify -h
usage: gkeys verify [-h] [-d DESTINATION] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-F FILENAME] [-s SIGNATURE] [-t]
File verification action.
Note: If the specified key/keyring to verify against does not contain the key used to sign the file. It will Auto-search for the correct key in the installed keys db. And verify against the matching key.
optional arguments:
-h, --help show this help message and exit
gpg key options (optional, if none specified, it will auto-search)
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to use, update or search for/in
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The key or seed directory category to use or update
target file options (minimum -F is needed, others optional)
  -d DESTINATION, --dest DESTINATION  The save destination for http, etc. type download operations
  -F FILENAME, --file FILENAME  The path/URL to use for the (signed) file
  -s SIGNATURE, --signature SIGNATURE  The path/URL to use with the signature
  -t, --timestamp  Turn on timestamp use. (records a timestamp file for the downloaded file)
Key specific actions
gkeys check-key -h
usage: gkeys check-key [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-k KEYRING] [-i KEYID [KEYID ...]]
Check keys actions
Performs basic validity checks on the key(s), checks expiry, and presence of a signing sub-key
optional arguments:
  -h, --help  show this help message and exit
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to use, update or search for/in
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The key or seed directory category to use or update
  -k KEYRING, --keyring KEYRING  The name of the keyring to use for verification, etc.
  -i KEYID [KEYID ...], --keyid KEYID [KEYID ...]  The long keyid of the gpg key to search for
gkeys import-key -h
usage: gkeys import-key [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-k KEYRING]
Add a specified key to a specified keyring
optional arguments:
  -h, --help  show this help message and exit
source options
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to use, update or search for/in
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The source seed file (category) to use
target option (optional, the seed contains a keydir field normally used as the target)
  -k KEYRING, --keyring KEYRING  The name of the keyring to install it to
gkeys installed -h
usage: gkeys installed [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-k KEYRING]
Lists the installed key directories
optional arguments:
  -h, --help  show this help message and exit
Minimum required is -C, --category
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to list
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to list
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The key directory (category) to use
  -k KEYRING, --keyring KEYRING  The name of the keyring to list
gkeys install-key -h
usage: gkeys install-key [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-k KEYRING] [-F FILENAME]
Install a key from the seed(s)
optional arguments:
  -h, --help  show this help message and exit
Minimum -C, --category required (category only will install all keys in that seed-file)
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to use, update or search for/in
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The key or seed directory category to use or update
  -k KEYRING, --keyring KEYRING  The name of the keyring to use for verification, etc.
  -F FILENAME, --file FILENAME  The path/URL to use for the (signed) file
gkeys search-key -h
usage: gkeys search-key [-h] [-n NICK] [-N NAME] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-i KEYID [KEYID ...]] [-u [UID [UID ...]]] [-C CATEGORY] [-e] [-a]
Search for a key's seed in the installed keys db
optional arguments:
  -h, --help  show this help message and exit
Minimum of one of the following
  -n NICK, --nick NICK  The nick associated with the the key
  -N NAME, --name NAME  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to use, update or search for/in
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -i KEYID [KEYID ...], --keyid KEYID [KEYID ...]  The long keyid of the gpg key to search for
  -u [UID [UID ...]], --uid [UID [UID ...]]  The user ID, gpg key uid
  -C CATEGORY, --category CATEGORY  The key or seed directory category to use or update
Search filter options
  -e, --exact  Use CASE matching in searches
  -a, --all  Match all inputs arguments in searches
gkeys list-key -h
usage: gkeys list-key [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-k KEYRING] [-g GPGSEARCH] [-i KEYID [KEYID ...]]
Pretty-print the selected seed file or nick
optional arguments:
  -h, --help  show this help message and exit
Minimum of one of the following options
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to use, update or search for/in
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The key or seed directory category to use or update
  -k KEYRING, --keyring KEYRING  The name of the keyring to use for verification, etc.
  -g GPGSEARCH, --gpgsearch GPGSEARCH  Do a gpg search operations, rather than a gkey search
  -i KEYID [KEYID ...], --keyid KEYID [KEYID ...]  The long keyid of the gpg key to search for
gkeys move-key -h
usage: gkeys move-key [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-k KEYRING] [-d DESTINATION]
Rename an installed key
optional arguments:
  -h, --help  show this help message and exit
Source options
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to use, update or search for/in
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The key or seed directory category to use or update
  -k KEYRING, --keyring KEYRING  The name of the keyring to use for verification, etc.
Target options
  -d DESTINATION, --dest DESTINATION  The destination for move, copy, create operations
gkeys refresh-key -h
usage: gkeys refresh-key [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-k KEYRING] [-i KEYID [KEYID ...]]
Calls gpg with the --refresh-keys option
for in place updates of the installed keys
optional arguments:
  -h, --help  show this help message and exit
Minimum of one of the following options
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to use, update or search for/in
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The key or seed directory category to use or update
  -k KEYRING, --keyring KEYRING  The name of the keyring to use for verification, etc.
  -i KEYID [KEYID ...], --keyid KEYID [KEYID ...]  The long keyid of the gpg key to search for
gkeys remove-key -h
usage: gkeys remove-key [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-k KEYRING]
Remove an installed key
optional arguments:
  -h, --help  show this help message and exit
Minimum of one of the following options, recommend -C and one other
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to use, update or search for/in
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The key or seed directory category to use or update
  -k KEYRING, --keyring KEYRING  The name of the keyring to use for verification, etc.
gkeys spec-check -h
usage: gkeys spec-check [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-k KEYRING] [-i KEYID [KEYID ...]]
Check if keys meet specifications requirements
optional arguments:
  -h, --help  show this help message and exit
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to use, update or search for/in
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The key or seed directory category to use or update
  -k KEYRING, --keyring KEYRING  The name of the keyring to use for verification, etc.
  -i KEYID [KEYID ...], --keyid KEYID [KEYID ...]  The long keyid of the gpg key to search for
Seed specific actions
gkeys add-seed -h
usage: gkeys add-seed [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-u [UID [UID ...]]]
Add or replace a key in the selected seed file(s)
optional arguments:
  -h, --help  show this help message and exit
Mandatory
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The destination keydir for the installed key
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The seed file name (category) to update
Optional
  -u [UID [UID ...]], --uid [UID [UID ...]]  The user ID, gpg key uid
gkeys fetch-seed -h
usage: gkeys fetch-seed [-h] [-n NICK] [-F FILENAME] [-C CATEGORY] [-d DESTINATION] [-s SIGNATURE] [-t]
Download the selected seed file(s)
optional arguments:
  -h, --help  show this help message and exit
Minimum -C, --category required
  -n NICK, --nick NICK  The nick associated with the the key
  -F FILENAME, --file FILENAME  The path/URL to use for the (signed) file
  -C CATEGORY, --category CATEGORY  The key or seed directory category to use or update
  -d DESTINATION, --dest DESTINATION  The destination for move, copy, create operations
  -s SIGNATURE, --signature SIGNATURE  The path/URL to use for the signature
  -t, --timestamp  Turn on timestamp use
gkeys list-cats -h
usage: gkeys list-cats [-h]
List seed file definitions found in the config
optional arguments:
-h, --help show this help message and exit
gkeys list-seed -h
usage: gkeys list-seed [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-F FILENAME]
Pretty-print the selected seed file(s)
optional arguments:
  -h, --help  show this help message and exit
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to use, update or search for/in
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The seed file name (category) to list
  -F FILENAME, --file FILENAME  The path to use for the seed file
gkeys list-seedfiles -h
usage: gkeys list-seedfiles [-h]
List seed files found in the configured seed directory
optional arguments:
-h, --help show this help message and exit
gkeys move-seed -h
usage: gkeys move-seed [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY] [-d DESTINATION]
Move keys between seed files
optional arguments:
  -h, --help  show this help message and exit
  -n NICK, --nick NICK  The nick associated with the the key
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the key
  -r KEYDIR, --keydir KEYDIR  The keydir to use, update or search for/in
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The key or seed directory category to use or update
  -d DESTINATION, --dest DESTINATION  The destination for move, copy, create operations
gkeys remove-seed -h
usage: gkeys remove-seed [-h] [-n NICK] [-N [NAME [NAME ...]]] [-r KEYDIR] [-K [KEYS [KEYS ...]]] [-f FINGERPRINT [FINGERPRINT ...]] [-C CATEGORY]
Remove a seed from the selected seed file
optional arguments:
  -h, --help  show this help message and exit
  -n NICK, --nick NICK  The nick associated with the the seed
  -N [NAME [NAME ...]], --name [NAME [NAME ...]]  The name of the the seed, key
  -r KEYDIR, --keydir KEYDIR  The keydir to search for
  -K [KEYS [KEYS ...]], --keys [KEYS [KEYS ...]]  The name of the keyring to use for verification, etc.
  -f FINGERPRINT [FINGERPRINT ...], --fingerprint FINGERPRINT [FINGERPRINT ...]  The fingerprint of the the key
  -C CATEGORY, --category CATEGORY  The seed file name (category) to update
Keyring and Seed file Categories
Keyrings in gkeys are organized into categories.
- Each category can contain one or more keyrings.
- Each keyring can contain one or more gpg keys.
All gkeys operations revolve around the use of -C, --category, and as such it is a required option for all actions.
For security reasons, most keyrings are separated into individual keyrings and not grouped together into one keyring.
root # gkeys list-key -C gentoo

Nick.....: gkeys
Name.....: Gentoo-Linux Gentoo-keys Project Signing Key
Keydir...: release
Gpg info.: /var/lib/gkeys/keyrings/gentoo/release/pubring.gpg
--------------------------------------------------
pub 4096R/825533CBF6CD6C97 2014-10-03 [expires: 2017-09-17]
    Key fingerprint = D2DE 1DBB A0F4 3EBA 341B 97D8 8255 33CB F6CD 6C97
uid [ unknown] Gentoo-keys Team <gkeys@gentoo.org>
sub 4096R/A41DBBD9151C3FC7 2014-10-03 [expires: 2017-09-17]
pub 1024D/9E6438C817072058 2004-07-20 [expires: 2016-08-13]
    Key fingerprint = D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058
uid [ unknown] Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@gentoo.org>
sub 2048g/0403710E1415B4ED 2004-07-20 [expires: 2016-08-13]
pub 4096R/DB6B8C1F96D8BF6D 2011-11-25 [expires: 2015-11-24]
    Key fingerprint = DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
uid [ unknown] Gentoo Portage Snapshot Signing Key (Automated Signing Key)
sub 4096R/EC590EEAC9189250 2011-11-25 [expires: 2015-11-24]
pub 4096R/BB572E0E2D182910 2009-08-25 [expires: 2015-08-24]
    Key fingerprint = 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910
uid [ unknown] Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>

Nick.....: releng
Name.....: Gentoo Linux Release Engineering (Manual) Signing Key
Keydir...: release
Gpg info.: /var/lib/gkeys/keyrings/gentoo/release/pubring.gpg
--------------------------------------------------
pub 4096R/825533CBF6CD6C97 2014-10-03 [expires: 2017-09-17]
    Key fingerprint = D2DE 1DBB A0F4 3EBA 341B 97D8 8255 33CB F6CD 6C97
uid [ unknown] Gentoo-keys Team <gkeys@gentoo.org>
sub 4096R/A41DBBD9151C3FC7 2014-10-03 [expires: 2017-09-17]
pub 1024D/9E6438C817072058 2004-07-20 [expires: 2016-08-13]
    Key fingerprint = D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058
uid [ unknown] Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@gentoo.org>
sub 2048g/0403710E1415B4ED 2004-07-20 [expires: 2016-08-13]
pub 4096R/DB6B8C1F96D8BF6D 2011-11-25 [expires: 2015-11-24]
    Key fingerprint = DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
uid [ unknown] Gentoo Portage Snapshot Signing Key (Automated Signing Key)
sub 4096R/EC590EEAC9189250 2011-11-25 [expires: 2015-11-24]
pub 4096R/BB572E0E2D182910 2009-08-25 [expires: 2015-08-24]
    Key fingerprint = 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910
uid [ unknown] Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>

Nick.....: snapshot
Name.....: Gentoo Tree Snapshot (Automated) Signing Key
Keydir...: release
Gpg info.: /var/lib/gkeys/keyrings/gentoo/release/pubring.gpg
--------------------------------------------------
pub 4096R/825533CBF6CD6C97 2014-10-03 [expires: 2017-09-17]
    Key fingerprint = D2DE 1DBB A0F4 3EBA 341B 97D8 8255 33CB F6CD 6C97
uid [ unknown] Gentoo-keys Team <gkeys@gentoo.org>
sub 4096R/A41DBBD9151C3FC7 2014-10-03 [expires: 2017-09-17]
pub 1024D/9E6438C817072058 2004-07-20 [expires: 2016-08-13]
    Key fingerprint = D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058
uid [ unknown] Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@gentoo.org>
sub 2048g/0403710E1415B4ED 2004-07-20 [expires: 2016-08-13]
pub 4096R/DB6B8C1F96D8BF6D 2011-11-25 [expires: 2015-11-24]
    Key fingerprint = DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
uid [ unknown] Gentoo Portage Snapshot Signing Key (Automated Signing Key)
sub 4096R/EC590EEAC9189250 2011-11-25 [expires: 2015-11-24]
pub 4096R/BB572E0E2D182910 2009-08-25 [expires: 2015-08-24]
    Key fingerprint = 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910
uid [ unknown] Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>

Nick.....: weekly
Name.....: Gentoo Linux Release Engineering (Automated, Weekly) Signing Key
Keydir...: release
Gpg info.: /var/lib/gkeys/keyrings/gentoo/release/pubring.gpg
--------------------------------------------------
pub 4096R/825533CBF6CD6C97 2014-10-03 [expires: 2017-09-17]
    Key fingerprint = D2DE 1DBB A0F4 3EBA 341B 97D8 8255 33CB F6CD 6C97
uid [ unknown] Gentoo-keys Team <gkeys@gentoo.org>
sub 4096R/A41DBBD9151C3FC7 2014-10-03 [expires: 2017-09-17]
pub 1024D/9E6438C817072058 2004-07-20 [expires: 2016-08-13]
    Key fingerprint = D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058
uid [ unknown] Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@gentoo.org>
sub 2048g/0403710E1415B4ED 2004-07-20 [expires: 2016-08-13]
pub 4096R/DB6B8C1F96D8BF6D 2011-11-25 [expires: 2015-11-24]
    Key fingerprint = DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
uid [ unknown] Gentoo Portage Snapshot Signing Key (Automated Signing Key)
sub 4096R/EC590EEAC9189250 2011-11-25 [expires: 2015-11-24]
pub 4096R/BB572E0E2D182910 2009-08-25 [expires: 2015-08-24]
    Key fingerprint = 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910
uid [ unknown] Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>

Gkey task results: Done.
In the above example, you can see that the release media keys are stored in one keyring at this time and not separated into individual keyrings. This may change in the future. For a combined keyring like the above, gkeys may not report the correct key for a signature verification. At this time, it does not differentiate which key of a keyring it actually verifies against; it reports only that the keyring associated with the nick ID returns a valid verification.
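The caveat above can be closed outside gkeys by reading gpg's machine-readable status output and comparing the signer's fingerprint with the one expected for the nick. The following is an added example, not gkeys code: the function names, the nick-to-fingerprint pinning (inferred from the uid text in the listing) and the status lines are constructed for illustration.

```python
# Added example (not gkeys code): decide WHICH key signed, from gpg status output.
# Status text is what `gpg --status-fd 1 --verify SIG FILE` writes to stdout.
GNUPG_PREFIX = "[GNUPG:] "
# Treating every one of these as fatal is a policy choice made for this example.
FAILURE_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

# Fingerprints copied from the list-key output on this page.
WEEKLY = "13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910"
RELEASE = "D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058"
# ASSUMPTION: the nick -> fingerprint pinning is inferred from the uid text.
PINNED = {"weekly": WEEKLY, "releng": RELEASE}


def normalize(fpr):
    """Strip spaces so 'D2DE 1DBB ...' and 'D2DE1DBB...' compare equal."""
    return "".join(fpr.split()).upper()


def parse_status(status_text):
    """Return (validsigs, failures) parsed from gpg status lines.

    validsigs: list of (signing_key_fpr, primary_key_fpr) from VALIDSIG lines.
    failures:  failure keywords seen, in order of appearance.
    """
    validsigs, failures = [], []
    for line in status_text.splitlines():
        if not line.startswith(GNUPG_PREFIX):
            continue
        fields = line[len(GNUPG_PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword == "VALIDSIG" and args:
            signing = normalize(args[0])
            # The primary-key fingerprint is the 10th argument when present;
            # it differs from args[0] when a signing subkey was used.
            primary = normalize(args[9]) if len(args) >= 10 else signing
            validsigs.append((signing, primary))
        elif keyword in FAILURE_KEYWORDS:
            failures.append(keyword)
    return validsigs, failures


def check_signer(status_text, expected_fpr):
    """Accept only if every valid signature was made by the pinned key."""
    expected = normalize(expected_fpr)
    validsigs, failures = parse_status(status_text)
    if failures:
        return False, "gpg reported " + ", ".join(failures)
    if not validsigs:
        return False, "no VALIDSIG line"
    for signing, primary in validsigs:
        if expected not in (signing, primary):
            return False, "valid signature, but made by " + primary
    return True, "signed by pinned key " + expected


def constructed_status(fpr):
    """Build a CONSTRUCTED status stream for a good signature by primary key fpr."""
    f = normalize(fpr)
    return ("[GNUPG:] NEWSIG\n"
            "[GNUPG:] GOODSIG %s constructed-uid\n" % f[-16:] +
            "[GNUPG:] VALIDSIG %s 2015-01-01 1420070400 0 4 0 1 8 00 %s\n" % (f, f))


if __name__ == "__main__":
    # Same keyring, two different signers: only the first matches the pin.
    print(check_signer(constructed_status(WEEKLY), PINNED["weekly"]))
    print(check_signer(constructed_status(RELEASE), PINNED["weekly"]))
```

The second call is the case the paragraph warns about: the signature is valid against the combined keyring, but the check rejects it because the signer is not the key pinned for the nick.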
Categories
- gentoo This is the collection of release media seeds and keys.
- gentoo-devs This is the collection of active Gentoo developers' seeds and keys.
- sign This is a locally defined category used to contain the keyrings capable of signing various objects. Normally gpg uses ~/.gnupg/ for these. Since gkeys wraps gpg commands with its own structure of keyrings, this allows the definition of several individual keyrings which are capable of signing files and objects. It uses the same syntax as other gkeys commands, providing a consistent interface, e.g.:
user $ gkeys sign -C sign -n foo
- <foo> It is possible to create your own keyring category and create seed files and binary keyrings for use with gkeys. They must be configured in the gkeys.conf file. See the [seeds], [seedurls], [verify-seeds] sections of your gkeys.conf.
Keyrings
- app-crypt/gentoo-keys Binary keyring installed as a dependency of gkeys. This is the "gentoo" category keyring which contains the release media gpg keys used by the infrastructure and Gentoo-keys teams. These are the keys used to sign various release media files, stages, and ISOs.
- app-crypt/gentoo-devs-keys Not yet distributed as a binary keyring package. You must install the keys yourself using the seed file.
- app-crypt/<foo> It is possible to create and distribute other keyrings for use with gkeys. An example would be a keyring used to validate an overlay's ebuild tree.