From Fedora Project Wiki


signing notes

$ sigul --help-commands
delete-key          Delete a key
modify-key-user     Modify user's key access
list-users          List users
grant-key-access    Grant key access to a user
sign-text           Output a cleartext signature of a text
import-key          Import a key
new-user            Add a user
sign-rpm            Sign a RPM
list-keys           List keys
sign-data           Create a detached signature
revoke-key-access   Revoke key acess from a user
user-info           Show information about a user
change-passphrase   Change key passphrase
list-key-users      List users that can access a key
new-key             Add a key
modify-user         Modify a user
sign-rpms           Sign one or more RPMs
modify-key          Modify a key
delete-user         Delete a user
key-user-info       Show information about user's key access
get-public-key      Output public part of the key


  • Adding passphrase to signing key.
NSS_HASH_ALG_SUPPORT=+MD5 sigul --verbose --user-name=parasense change-passphrase epel-7


  • Inspecting the NSS database with certutil

More info about certutil can be found here: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Tools/certutil

$ certutil -K -d ~/.sigul
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
< 0> rsa     ... <REDACTED> ...  sigul-client-cert
< 1> rsa     ... <REDACTED> ...  sigul-client-cert