Trust is a command-line tool that allows users to operate on the trust policy store in a Linux system. The trust policy store is a collection of trusted public keys, certificates, and certificate revocation lists (CRLs) used to verify the authenticity and integrity of software packages and other system resources.
The trust policy store is managed by the system’s package manager, such as apt or yum, and is used to ensure that software packages are signed by trusted sources and have not been tampered with. Trust allows users to interact with the trust policy store directly, providing more granular control over the trust policy and the ability to customize it according to their needs.
Using Trust, users can view the contents of the trust policy store, add new trusted public keys and certificates, and remove existing ones. The tool also provides options for managing CRLs, such as adding or removing CRLs, and setting the expiration date for CRLs.
Trust is typically used by system administrators and developers who need to manage the trust policy store on a Linux system. The tool is designed to be simple and easy to use, with a command-line interface that is intuitive and straightforward.
If you encounter the below error while running the command trust:
trust: command not found
you may try installing the below package as per your choice of distribution:
| Distribution | Command |
|---|---|
| Debian | apt-get install p11-kit-trust |
| Ubuntu | apt-get install p11-kit-trust |
| Alpine | apk add p11-kit-trust |
| Arch Linux | pacman -S p11-kit-trust |
| Kali Linux | apt-get install p11-kit-trust |
| CentOS | yum install p11-kit-trust |
| Fedora | dnf install p11-kit-trust |
| Raspbian | apt-get install p11-kit-trust |
trust Command Examples
1. List trust policy store items:
# trust list
2. List information about specific items in the trust policy store:
# trust list --filter=blocklist|ca-anchors|certificates|trust-policy
3. Store a specific trust anchor in the trust policy store:
# trust anchor path/to/certificate.crt
4. Remove a specific anchor from the trust policy store:
# trust anchor --remove path/to/certificate.crt
5. Extract trust policy from the shared trust policy store:
# trust extract --format=x509-directory --filter=ca-anchors path/to/directory
6. Display help for a subcommand:
# trust subcommand --help
Summary
Overall, Trust is a powerful tool for managing the trust policy store on a Linux system. Its ability to interact with the trust policy store directly provides greater control and flexibility over the trust policy, making it an essential tool for anyone who needs to manage the security of a Linux system.