This package contains the GPG keyring files for various linux distributions.
You might want these if you are trying to download distribution package lists, similar to webpki-roots for fetching things over HTTPS.
If you know you are using a specific distribution, release, or host system, you should probably rely on the keys distributed with that.
They keys are in rfc4880 format, as byte slices.
This is the .gpg
format which gnupg uses for keys
(and many other things). You need an rfc4880
parser, such a gpg
, to do anything
useful with them. There are rust bindings for gpgme,
or you can use a pure rust implementation, such as gpgrv,
which is used in the tests.
Debian keys, from debian-archive-keyring
2023.4
(sid):
pub rsa4096 2019-02-05 [SC] [expires: 2027-02-03]
6D33866EDD8FFA41C0143AEDDCC9EFBF77E11517
uid Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>
pub rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE
uid Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub rsa4096 2019-04-14 [S] [expires: 2027-04-12]
pub rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
5E61B217265DA9807A23C5FF4DFAB270CAA96DFA
uid Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub rsa4096 2019-04-14 [S] [expires: 2027-04-12]
pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
1F89983E0081FDE018F3CC9673A4F27B8DD47936
uid Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
AC530D520F2F3269F5E98313A48449044AAD5C5D
uid Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
pub rsa4096 2021-02-13 [SC] [expires: 2029-02-11]
A4285295FC7B1A81600062A9605C66F00D6C9793
uid Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>
pub ed25519 2023-01-23 [SC] [expires: 2031-01-21]
4D64FEC119C2029067D6E791F8D2585B8783D481
uid Debian Stable Release Key (12/bookworm) <debian-release@lists.debian.org>
pub rsa4096 2023-01-21 [SC] [expires: 2031-01-19]
B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8
uid Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
sub rsa4096 2023-01-21 [S] [expires: 2031-01-19]
pub rsa4096 2023-01-21 [SC] [expires: 2031-01-19]
05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0
uid Debian Security Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
sub rsa4096 2023-01-21 [S] [expires: 2031-01-19]
License:
The keys in the keyrings don't fall under any copyright.
Ubuntu keys, from ubuntu-keyring
2023.11.28.1
(noble):
pub rsa4096 2012-05-11 [SC]
790BC7277767219C42C86F933B4FE6ACC0B21F32
uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
pub rsa4096 2012-05-11 [SC]
843938DF228D22F7B3742BC0D94AA3F0EFE21092
uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
pub rsa4096 2018-09-17 [SC]
F6ECB3762474EDA9D21B7022871920D1991BC93C
uid Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
License:
public-domain. The keys in the keyrings don't fall under any copyright.
There is practically no code here, so licensing doesn't really apply.
The keyrings themselves are also probably not subject to licensing. Both have helpfully explicitly written this in their source.
The crate as a whole is listed as MIT OR Apache-2.0
, just in case.