# Install monkeysphere with Homebrew, apk, Nix

Use the OpenPGP web of trust to verify ssh connections. Version 0.44 via Homebrew; verified 2026-05-25.

## Install

```sh
sudo av install brew:monkeysphere
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install monkeysphere
```

  Evidence: local Homebrew formula metadata

### Linux

- apk (92%):

```sh
sudo apk add monkeysphere
```

  Evidence: Alpine Linux edge package indexes: monkeysphere from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

- Nix (92%):

```sh
nix profile install nixpkgs#monkeysphere
```

  Evidence: nixpkgs package indexes: pkgs/by-name/mo/monkeysphere/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:monkeysphere
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/monkeysphere>
- **Version:** 0.44
- **Source summary:** Use the OpenPGP web of trust to verify ssh connections
- **Homepage:** <https://tracker.debian.org/pkg/monkeysphere>
- **Repository:** <https://github.com/dkg/monkeysphere>
- **Upstream docs:** <https://github.com/dkg/monkeysphere#readme>
- **License:** GPL-3.0-or-later
- **Source archive:** <https://deb.debian.org/debian/pool/main/m/monkeysphere/monkeysphere_0.44.orig.tar.gz>
- **Last updated:** 2026-05-25T17:02:24-04:00
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- agent-transfer (cli)
- monkeysphere (cli)
- monkeysphere-authentication (cli)
- monkeysphere-host (cli)
- openpgp2pem (cli)
- openpgp2spki (cli)
- openpgp2ssh (cli)
- pem2openpgp (cli)
- agent-transfer (alias)
- monkeysphere (alias)
- monkeysphere-authentication (alias)
- monkeysphere-host (alias)
- openpgp2pem (alias)
- openpgp2spki (alias)
- openpgp2ssh (alias)
- pem2openpgp (alias)

## Dependencies

- gnupg
- libassuan
- libgcrypt
- libgpg-error
- openssl@3

## Build dependencies

- gnu-sed
- pkgconf

## Uses from macOS

- perl

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.44
- Package-manager updated: 2026-05-25
- Local data: ok
- Upstream repository: https://tracker.debian.org/pkg/monkeysphere
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

Monkeysphere is a security tool from the OpenPGP and Debian-adjacent world that tries to bring the OpenPGP web of trust to SSH and TLS authentication. Its README frames the project as extending OpenPGP's trust model to more areas of the Internet, with an implementation that lets users keep using OpenSSH while identifying users and servers through OpenPGP keys managed by GnuPG.

### Project history

The project was written by Jameson Rollins and Daniel Kahn Gillmor, according to the monkeysphere(7) manual page. Early changelog entries from 2008 show rapid work on server diagnostics, key expiration, certifier management, privilege separation, OpenSSH known_hosts and authorized_keys handling, and Debian packaging, which fits its role as a glue layer around GnuPG and OpenSSH rather than a replacement protocol.

### How it is used

Administrators use Monkeysphere to bind human-readable OpenPGP user IDs to SSH keys and host identities. The tools update authorized_keys and known_hosts after checking key validity, expiration, revocation, authentication-capable subkeys, and signatures from trusted identity certifiers. That makes its package-manager niche a specialized PKI bridge for people who already trusted OpenPGP key signing and wanted that trust graph to govern SSH host verification or user login access.

### Sources

- <https://github.com/dkg/monkeysphere>
- <https://github.com/dkg/monkeysphere/blob/master/Changelog>
- <https://manpages.ubuntu.com/manpages/jammy/man7/monkeysphere.7.html>
- <https://packages.debian.org/bullseye/monkeysphere>


## Security Notes

broad file, network, media, or database tool signal.

- **Geiger risk:** blue / medium
- broad file, network, media, or database tool signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** monkeysphere
- **Version Scheme:** 0
- **Revision:** 10
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** yes
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Nix - monkeysphere: normalized package name match | nixpkgs package indexes: pkgs/by-name/mo/monkeysphere/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- apk - monkeysphere - 0.44-r4: normalized package name match | Alpine Linux edge package indexes: monkeysphere from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | OpenPGP web of trust certification tools for SSH and TLS servers | https://github.com/dkg/monkeysphere
- apk - monkeysphere-doc - 0.44-r4: normalized package name match | Alpine Linux edge package indexes: monkeysphere-doc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | OpenPGP web of trust certification tools for SSH and TLS servers (documentation) | https://github.com/dkg/monkeysphere


## Related links

- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [gnupg](https://www.automicvault.com/pkg/brew/gnupg/) - Runtime dependency declared by Homebrew.
- [libassuan](https://www.automicvault.com/pkg/brew/libassuan/) - Runtime dependency declared by Homebrew.
- [libgcrypt](https://www.automicvault.com/pkg/brew/libgcrypt/) - Runtime dependency declared by Homebrew.
- [libgpg-error](https://www.automicvault.com/pkg/brew/libgpg-error/) - Runtime dependency declared by Homebrew.
- [openssl@3](https://www.automicvault.com/pkg/brew/openssl-3/) - Runtime dependency declared by Homebrew.
- [gnu-sed](https://www.automicvault.com/pkg/brew/gnu-sed/) - Build dependency declared by Homebrew.
- [pkgconf](https://www.automicvault.com/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [ssh-copy-id](https://www.automicvault.com/pkg/brew/ssh-copy-id/) - Shares av.db curated category or tags: authentication, cli, openssh, security, ssh.
- [cyrus-sasl](https://www.automicvault.com/pkg/brew/cyrus-sasl/) - Shares av.db curated category or tags: authentication, cli, security.
- [duo_unix](https://www.automicvault.com/pkg/brew/duo-unix/) - Shares av.db curated category or tags: authentication, cli, security, ssh.
- [google-authenticator-libpam](https://www.automicvault.com/pkg/brew/google-authenticator-libpam/) - Shares av.db curated category or tags: authentication, cli, security.
- [heimdal](https://www.automicvault.com/pkg/brew/heimdal/) - Shares av.db curated category or tags: authentication, cli, security.
- [krb5](https://www.automicvault.com/pkg/brew/krb5/) - Shares av.db curated category or tags: authentication, cli, security.
- [kstart](https://www.automicvault.com/pkg/brew/kstart/) - Shares av.db curated category or tags: authentication, cli, security.
- [libjwt](https://www.automicvault.com/pkg/brew/libjwt/) - Shares av.db curated category or tags: authentication, cli, security.
- [gnupg-pkcs11-scd](https://www.automicvault.com/pkg/brew/gnupg-pkcs11-scd/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, error, gnupg, libassuan, libgcrypt.
- [onlykey-agent](https://www.automicvault.com/pkg/brew/onlykey-agent/) - Security-sensitive metadata or terminology overlaps. Shared terms: agent, authentication, cli, gnupg, security.

## Combined YAML source

View the package source record on GitHub. [combined/monkeysphere.yml](https://github.com/automic-vault/db/blob/main/combined/monkeysphere.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
