PKSCLIENT(8)PKSCLIENT(8)NAMEpksclient - Public Key Server Client
SYNOPSISpksclient /db/path cmd [args ...]
DESCRIPTIONpksclient is a command line interface which allows the administrator to
perform key server operations directly instead of through the daemon.
The software will use locking and transaction semantics unless you
specify otherwise. Never do this if another process has the database
open. Once the command is completed, pksclient will attempt to check‐
point the database and remove any excess log files.
Each command takes the path to the directory which contains the data‐
base files, a command name, and possibly a list of arguments to the
command. Some commands take an optional flags argument. Flags are
single letters as described for each command, concatenated into a sin‐
gle argument.
pksclient /db/path create [num_files [dbtype]]
Create an empty database. If a database exists in the
directory, it is destroyed. If num_files is specified,
then the key database will be split into that many
files. If it is not specified, then three key database
files will be created. If dbtype is specified, then the
key database will be created using the specified type.
Possible values are btree and hash. If it is not speci‐
fied, the database will be created using the hash type.
pksclient /db/path recover
Recover an inconsistent database. This is equivalent to
the db_recover(8) command, but it uses a larger cache
for better performance.
pksclient /db/path add filename [flags]
Add a keyring to the database. The filename may refer
to a keyring file (.pgp format), or an ASCII-armored
keyring (.asc format). If the 'n' flag is specified,
then an incremental for the new keyring relative to the
database is generated to stdout. If the 'd' flag is
specified, then the disabled flag will not be stripped
from the input file. This is useful if you are initial‐
izing the database for the first time with a keyring
from another key server which includes disabled keys. If
the 't' flag is specified, the operation will take place
without logging and transactions. This is faster, but
less safe.
pksclient /db/path get userid [flags]
An ASCII-armored keyring containing all the keys match‐
ing the userid is printed to stdout. If the 'e' flag is
specified, then the key's user id must be an exact case-
insensitive substring of the userid argument. If the
'a' flag is specified, then the userid argument is
ignored, and all keys in the database are returned. If
the 'b' flag is specified, then the output keyring will
be in binary format instead of ASCII-armor format. If
the 'i' flag is specified, then errors will be ignored.
This is used when recovering from a corrupt database.
If the 'd' flag is specified, then disabled keys will be
returned. If the 's' flag is specified, the selected
keys will be output unsorted to stdout. This flag
implies the 'b' flag. If the 't' flag is specified, the
operation will take place without logging and transac‐
tions. This is faster, but less safe.
pksclient /db/path index userid [flags]
An index listing for all the keys matching the userid is
printed to stdout. If the 'v' flag is specified, then
signatures are included in the output. If the 'f' flag
is specified, then the key fingerprint is included in
the output. If the 'e' flag is specified, then the
key's user id must be an exact case-insensitive sub‐
string of the userid argument. If the 'a' flag is spec‐
ified, then the userid argument is ignored, and all keys
in the database are indexed. If the 'i' flag is speci‐
fied, then errors will be ignored. This is used when
recovering from a corrupt database. If the 'd' flag is
specified, then disabled keys will be returned. If the
's' flag is specified, the index will be output unsorted
to stdout. If the 't' flag is specified, the operation
will take place without logging and transactions. This
is faster, but less safe.
pksclient /db/path since time [flags]
An ASCII-armored keyring containing all the keys added
to the database or changed since the unix timestamp
since is printed to stdout. The timestamp that the
database was last modified is printed to stderr. If the
'b' flag is specified, then the output keyring will be
in binary format instead of ASCII-armor format. If the
'r' flag is specified, then the time given is taken as
the number of seconds the in the past the dump should
start ( since 86400 r is thus equivalent to the LAST 1
mail command). If the 't' flag is specified, the opera‐
tion will take place without logging and transactions.
This is faster, but less safe.
pksclient /db/path delete userid [flags]
All keys matching the userid are deleted from the data‐
base. If the 't' flag is specified, the operation will
take place without logging and transactions. This is
faster, but less safe.
pksclient /db/path disable userid [flags]
All keys matching the userid have the disabled flag set.
If the 'c' flag is specified, then the flag is cleared
instead of set. If the 't' flag is specified, the oper‐
ation will take place without logging and transactions.
This is faster, but less safe.
SEE ALSOpks-intro(8), pksd(8)AUTHOR
Marc Horowitz, Massachusetts Institute of Technology
17 November 1996 PKSCLIENT(8)