tlmgr-key

List all keys for TeX Live

$ tlmgr key list

$ sudo tlmgr key add [path/to/key.gpg]

$ cat [path/to/key.gpg] | sudo tlmgr key add -

$ sudo tlmgr key remove [key_id]

tlmgr-key [--help] [--list] [--import ...] [--delete ...]

--help
    Displays the help message and exits.

--list
    Lists the currently trusted GPG keys.

--import ...
    Imports one or more GPG keys from the specified files. Each should contain a GPG key in ASCII armored format.

--delete ...
    Deletes one or more GPG keys identified by their key IDs. The key ID can be a short or long form of the key fingerprint.

The `tlmgr-key` command is a utility included with TeX Live Manager (tlmgr) for managing the GPG keys used to verify the integrity and authenticity of TeX Live packages. It allows importing, listing, and deleting GPG keys trusted by tlmgr. Using properly configured keys, you can verify that the packages you install are genuinely from the TeX Live project and have not been tampered with. This is an important security measure.

Without trusted keys, `tlmgr` will issue warnings or refuse to install updates, potentially leaving your system vulnerable to malicious packages. Proper key management ensures a secure and reliable TeX Live installation.

Using `tlmgr-key` properly ensures that your TeX Live distribution only installs verified packages from the official TeX Live repositories. This helps prevent security breaches.

If you are using a non-standard GPG setup, `tlmgr-key` may require adjustments to its configuration. Also, always verify the authenticity of any imported key before trusting it.

Before importing a key, it is crucial to verify its authenticity. Obtain the key fingerprint from a trusted source, such as the TeX Live website or a reputable TeX user group. Compare the fingerprint with the one displayed by `tlmgr-key --list` after importing the key. If they match, you can be reasonably sure that the key is genuine.

tlmgr(1)