Product Signing (GPG) Keys

We use a number of GPG keys to sign our software packages. The necessary public keys are included in the relevant products and are used to automatically verify software updates. You can also verify the packages manually using the keys on this page.

Run the following command to verify an RPM package for a Red Hat product:

rpm --checksig -v <filename>.rpm

The output of this command shows whether the package is signed and which key signed it.

Release Package Signing

Please do not use package-signing keys to encrypt email messages. Refer to the Security Contacts and Procedures page for secure communication information.

fd431d51: Red Hat, Inc. (release key 2) <security@redhat.com>

This key is used for signing Red Hat products released after October 2010 and their updates.

Location (Red Hat Enterprise Linux 6, 7): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51

37017186: Red Hat, Inc. (release key) <security@redhat.com>

This key is used for signing all Red Hat products released after January 2007 and their updates.

Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Location (Red Hat Enterprise Linux 6, 7): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-legacy-release
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 47DB 2877 89B2 1722 B6D9 5DDE 5326 8101 3701 7186

2fa658e0: Red Hat, Inc. (auxiliary key) <security@redhat.com>

This is our disaster recovery key. In the unlikely event we lose the ability to sign with our master hardware keys, we would switch to using this key.

Location (Red Hat Enterprise Linux 6, 7): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Download: pgp.mit.edu
Fingerprint: 43A6 E49C 4A38 F4BE 9ABF 2A53 4568 9C88 2FA6 58E0

db42a60e: Red Hat, Inc. <security@redhat.com>

This key was used for signing all Red Hat products released prior to January 2007 as well as signing all past and future updates for those products.

Location (Red Hat Enterprise Linux 2.1, 3, and 4): /usr/share/rhn/RPM-GPG-KEY
Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-former
Location (Red Hat Enterprise Linux 6, 7): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-legacy-former
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: CA20 8686 2BD6 9DFC 65F6 ECC4 2191 80CD DB42 A60E

8366b0d9: Red Hat, Inc. (tools key)

This key is used for signing Customer Portal tools.

Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 8B12 20FC 564E 9583 2002 05FF 7514 F77D 8366 B0D9

Beta Package Signing

897da07a: Red Hat, Inc. (beta test software) <rawhide@redhat.com>

This key is used for signing Red Hat beta test products.

Location (Red Hat Enterprise Linux 2.1, 3, and 4): /usr/share/rhn/BETA-RPM-GPG-KEY
Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
Location (Red Hat Enterprise Linux 6, 7): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 17E8 543D 1D4A A5FA A96A 7E9F FD37 2689 897D A07A

f21541eb: Red Hat, Inc. (beta key 2) <security@redhat.com>

This key is used for signing selected Red Hat beta test products due for release after November 2009.

Location (Red Hat Enterprise Linux 6, 7): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: B08B 659E E86A F623 BC90 E8DB 938A 80CA F215 41EB

Development Package Signing

a5787476: Red Hat, Inc. (development key) <security@redhat.com>

This key is used for signing Red Hat development builds.

Download: pgp.mit.edu
Fingerprint: 2D6D 2858 5549 E02F 2194 3840 08B8 71E6 A578 7476