man7.org > Linux > man-pages

Linux/UNIX system programming training

rpmkeys(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPERATIONS | ARGUMENTS | OPTIONS | REBUILD OPTIONS | OUTPUT | CONFIGURATION | EXIT STATUS | EXAMPLES | SEE ALSO | COLOPHON 

RPMKEYS(8)               System Manager's Manual               RPMKEYS(8)

NAME         top

       rpmkeys - RPM Keyring

SYNOPSIS         top

       rpmkeys {-K|--checksig} [options] PACKAGE_FILE ...

       rpmkeys {-d|--delete|-e|--erase} [options] FINGERPRINT ...

       rpmkeys {-x|--export} [options] [FINGERPRINT ...]

       rpmkeys {-i|--import} [options] PUBKEY ...

       rpmkeys {-l|--list} [options] [FINGERPRINT ...]

       rpmkeys --rebuild [options] [rebuild-options]

DESCRIPTION         top

       rpmkeys is used for manipulating the rpm keyring and verifying
       package digital signatures with the contained keys.

       For all available operations, see OPERATIONS.

OPERATIONS         top

       -K, --checksig
           Verify the digests and signatures contained in PACKAGE_FILE to
           ensure the integrity and origin of the package.

       -d, --delete, -e, --erase
           Erase the key(s) designated by FINGERPRINT. The --delete and
           -d options are deprecated.

       -x, --export
           Output the key(s) designated by FINGERPRINT using an ASCII-
           armor encoding.  If FINGERPRINT is not specified, output all
           keys.

       --import
           Import ASCII-armored public keys. Digital signatures cannot be
           verified without the corresponding public key (aka
           certificate).

       -l, --list
           List currently imported public key(s) (aka certificates) by
           their fingerprint and user ID. If no fingerprints are
           specified, list all keys.

       --rebuild
           Recreate the public key storage. Update to the latest format
           and drop unreadable keys.

ARGUMENTS         top

       FINGERPRINT
           The handle used for all operations on the keys.
       PACKAGE_FILE
           An rpm package file or a manifest.
       PUBKEY
           An ASCII-armored OpenPGP public key (aka certificate).

OPTIONS         top

       See rpm-common(8) for the options common to all rpm executables.

REBUILD OPTIONS         top

       --from <fs|openpgp|rpmdb>
           Use the keys from the specified backend to rebuild the
           currently configured keystore backend. This can be used to
           convert from one key storage to another.

OUTPUT         top

       --checksig
           <_PACKAGE_FILE_>: <element> <element> <OK|NOT OK>

           With --verbose:
           <_PACKAGE_FILE_>:
               <element>: <OK|NOTFOUND|BAD>
               ...

       --list
           <fingerprint> <name> <userid> public key

CONFIGURATION         top

       There are several configurables affecting the behavior of this
       verification, see rpm-config(5) for details:
       •   %_keyring%_keyringpath%_pkgverify_flags%_pkgverify_level

EXIT STATUS         top

       On success, 0 is returned, a nonzero failure code otherwise.

EXAMPLES         top

       rpmkeys --export 771b18d3d7baa28734333c424344591e1964c5fc | sq
       inspect
           Export key 771b18d3d7baa28734333c424344591e1964c5fc for
           inspecting with sequoia-sq.

       rpmkeys --erase 771b18d3d7baa28734333c424344591e1964c5fc
           Erase key 771b18d3d7baa28734333c424344591e1964c5fc from the
           keyring.

       rpmkeys -K hello-2.0-1.x86_64.rpm
           Verify hello-2.0-1.x86_64.rpm package file.

SEE ALSO         top

       popt(3), rpm(8), rpm-common(8), rpm-config(5), rpmsign(1)

       rpmkeys --help - as rpm(8) supports customizing the options via
       popt aliases it's impossible to guarantee that what's described in
       the manual matches what's available.

       http://www.rpm.org/

COLOPHON         top

       This page is part of the rpm (RPM Package Manager) project.
       Information about the project can be found at 
       ⟨https://github.com/rpm-software-management/rpm⟩.  It is not known
       how to report bugs for this man page; if you know, please send a
       mail to man-pages@man7.org.  This page was obtained from the
       project's upstream Git repository
       ⟨https://github.com/rpm-software-management/rpm.git⟩ on
       2026-01-16.  (At that time, the date of the most recent commit
       that was found in the repository was 2026-01-15.)  If you discover
       any rendering problems in this HTML version of the page, or you
       believe there is a better or more up-to-date source for the page,
       or you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a
       mail to man-pages@man7.org

RPM 6.0.90                      2026-01-16                     RPMKEYS(8)

Pages that refer to this page: rpmbuild(1)rpmsign(1)rpm(8)rpm-common(8)

HTML rendering created 2026-01-16 by Michael Kerrisk, author of The Linux Programming Interface.

For details of in-depth Linux/UNIX system programming training courses that I teach, look here.

Hosting by jambit GmbH.

Cover of TLPI