GPG keys

Contacting Red Hat securely

The Red Hat Security Response Team use a GNU Privacy Guard (GnuPG or GPG) key to secure communications. Mail sent to secalert@redhat.com can be encrypted with this public key. We expect to change the key we use from time to time. Should we change the key, the previous keys will be revoked and the rhsa-announce mailing list will be notified of the change.

650d5882: Red Hat, Inc. (Security Response Team)

This key is used for communicating securely with the Red Hat Security Response Team and for signing the security advisories posted to mailing lists.

Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 9273 2337 E5AD 3417 5265 64AB 5E54 8083 650D 5882

Please do not send messages encrypted with this public key to any address other than security@redhat.com and secalert@redhat.com. We are unable to accept any non–security-related email that is encrypted with this public key.

RPM package signing

We use a number of GPG keys to sign our software packages. The necessary public keys are included in the relevant products and are used to automatically verify software updates. You can also verify the packages manually using the keys on this page.

Run the following command to verify an RPM package for a Red Hat product:

rpm --checksig -v .rpm
      

The output of this command shows whether the package is signed, and which key signed it.

Release package signing

Please do not use package signing keys to encrypt email messages. See the other sections of this page for secure communication information.

fd431d51: Red Hat, Inc. (release key 2)

This key is used for signing Red Hat products released after October 2010 and their updates.

Location (Red Hat Enterprise Linux 6): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51

37017186: Red Hat, Inc. (release key)

This key is used for signing all Red Hat products released after January 2007 and their updates.

Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Location (Red Hat Enterprise Linux 6): /etc/pki/rpm-gpg/RPM-GPG-KEY-legacy-release
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 47DB 2877 89B2 1722 B6D9 5DDE 5326 8101 3701 7186

db42a60e: Red Hat, Inc.

This key was used for signing all Red Hat products released prior to January 2007 as well as signing all past and future updates for those products.

Location (Red Hat Enterprise Linux 2.1, 3, and 4): /usr/share/rhn/RPM-GPG-KEY
Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-former
Location (Red Hat Enterprise Linux 6): /etc/pki/rpm-gpg/RPM-GPG-KEY-legacy-former
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: CA20 8686 2BD6 9DFC 65F6 ECC4 2191 80CD DBC2 A60E

42193e6b: Red Hat, Inc. (RHX key)

This key is used for signing packages distributed by Red Hat Exchange.

Location (Red Hat Exchange): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-rhx
Location (Red Hat Enterprise Linux 6): /etc/pki/rpm-gpg/RPM-GPG-KEY-legacy-rhx
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 01AD EFD1 5A95 AE43 14DE 83C2 39A1 3A12 4219 3E6B

Beta package signing

897da07a: Red Hat, Inc. (beta test software)

This key is used for signing Red Hat beta test products.

Location (Red Hat Enterprise Linux 2.1, 3, and 4): /usr/share/rhn/BETA-RPM-GPG-KEY
Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
Location (Red Hat Enterprise Linux 6): /etc/pki/rpm-gpg/RPM-GPG-KEY-beta
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 17E8 543D 1D4A A5FA A96A 7E9F FD37 2689 897D A07A

f21541eb: Red Hat, Inc. (beta key 2)

This key is used for signing selected Red Hat beta test products due for release after November 2009.

Location (Red Hat Enterprise Linux 6): /etc/pki/rpm-gpg/RPM-GPG-KEY-beta
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: B08B 659E E86A F623 BC90 E8DB 938A 80CA F215 41EB