tlmgr-key
Manage GPG keys for TeX Live packages
TLDR
List all keys for TeX Live
Add a key from a specific file
Add a key from stdin
Remove a specific key by its ID
SYNOPSIS
tlmgr-key [--help] [--list] [--import
PARAMETERS
--help
Displays the help message and exits.
--list
Lists the currently trusted GPG keys.
--import
Imports one or more GPG keys from the specified files. Each
--delete
Deletes one or more GPG keys identified by their key IDs. The key ID can be a short or long form of the key fingerprint.
DESCRIPTION
The `tlmgr-key` command is a utility included with TeX Live Manager (tlmgr) for managing the GPG keys used to verify the integrity and authenticity of TeX Live packages. It allows importing, listing, and deleting GPG keys trusted by tlmgr. Using properly configured keys, you can verify that the packages you install are genuinely from the TeX Live project and have not been tampered with. This is an important security measure.
Without trusted keys, `tlmgr` will issue warnings or refuse to install updates, potentially leaving your system vulnerable to malicious packages. Proper key management ensures a secure and reliable TeX Live installation.
Using `tlmgr-key` properly ensures that your TeX Live distribution only installs verified packages from the official TeX Live repositories. This helps prevent security breaches.
CAVEATS
If you are using a non-standard GPG setup, `tlmgr-key` may require adjustments to its configuration. Also, always verify the authenticity of any imported key before trusting it.
KEY VERIFICATION
Before importing a key, it is crucial to verify its authenticity. Obtain the key fingerprint from a trusted source, such as the TeX Live website or a reputable TeX user group. Compare the fingerprint with the one displayed by `tlmgr-key --list` after importing the key. If they match, you can be reasonably sure that the key is genuine.
SEE ALSO
tlmgr(1)