Product Signing Keys

We use a number of keys to sign our software packages. The necessary public keys are included in the relevant products and are used to automatically verify software updates. You can also verify the packages manually using the keys on this page.

RPM-based products

Products based on RPM use GPG signing keys. Run the following command to verify an RPM package:

rpm --checksig -v <filename>.rpm

The output of this command shows whether the package is signed and which key signed it.

Release Package Signing

Please do not use package-signing keys to encrypt email messages. Refer to the Security Contacts and Procedures page for secure communication information.

4096R/199e2f91fd431d51 (2009-10-22):
Red Hat, Inc. (release key 2) <security@redhat.com>

This key is used for signing Red Hat products released after October 2010 and their updates.

  • Location (Red Hat Enterprise Linux 6, 7, 8, 9): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
  • Download: Red Hat
  • Download: pgp.mit.edu
  • Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51

4096R/1AC4971355A34A82 (2019-08-30):
Red Hat, Inc. (ISV Container Signing Key) <secalert@redhat.com>

This key is used to sign third-party containers which are certified by Red Hat.

  • Download: Red Hat
  • Download: pgp.mit.edu
  • Fingerprint:DC1F EDE4 C5BD 3225 F7E9 1275 1AC4 9713 55A3 4A82

4096R/5054E4A45A6340B3 (2022-03-09):
Red Hat, Inc. (auxiliary key 3) <security@redhat.com>

This is our disaster recovery key. In the unlikely event we lose the ability to sign with our master hardware keys, we would switch to using this key.

  • Location (Red Hat Enterprise Linux 9): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
  • Download: Red Hat
  • Download: pgp.mit.edu
  • SHA 256 Fingerprint: 7E46 2425 8C40 6535 D56D 6F13 5054 E4A4 5A63 40B3

4096R/E1A4BD708A828AAD:
Red Hat, Inc. (Ansible Collection Key 1) <secalert@redhat.com>

This key is used for signing of Ansible certified collections made available via the Ansible Automation Platform in Ansible Hub. Verification of collections signed with this key is handled automatically by ansible-galaxy CLI.

  • Download: Red Hat
  • Download: pgp.mit.edu
  • SHA 256 Fingerprint: 39:B5:D7:59:36:1A:97:46:4C:56:4A:8F:E1:A4:BD:70:8A:82:8A:AD

4096R/F76F66C3D4082792 (2018-06-27):
Red Hat, Inc. (auxiliary key 2) <security@redhat.com>

This is our disaster recovery key. In the unlikely event we lose the ability to sign with our master hardware keys, we would switch to using this key.

  • Location (Red Hat Enterprise Linux 8): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
  • Download: Red Hat
  • Download: pgp.mit.edu
  • Fingerprint: 6A6A A7C9 7C88 90AE C6AE BFE2 F76F 66C3 D408 2792

1024D/5326810137017186 (2006-12-06):
Red Hat, Inc. (release key) <security@redhat.com>

This key is used for signing all Red Hat products released after January 2007 and their updates.

  • Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
  • Location (Red Hat Enterprise Linux 6, 7): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-legacy-release
  • Download: Red Hat
  • Download: pgp.mit.edu
  • Fingerprint: 47DB 2877 89B2 1722 B6D9 5DDE 5326 8101 3701 7186

1024D/45689c882fa658e0 (2006-12-01):
Red Hat, Inc. (auxiliary key) <security@redhat.com>

This is our disaster recovery key. In the unlikely event we lose the ability to sign with our master hardware keys, we would switch to using this key.

  • Location (Red Hat Enterprise Linux 6, 7): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
  • Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
  • Download: Red Hat
  • Download: pgp.mit.edu
  • Fingerprint: 43A6 E49C 4A38 F4BE 9ABF 2A53 4568 9C88 2FA6 58E0

1024D/219180cddb42a60e (1999-09-23):
Red Hat, Inc. <security@redhat.com>

This key was used for signing all Red Hat products released prior to January 2007 as well as signing all past and future updates for those products.

  • Location (Red Hat Enterprise Linux 2.1, 3, and 4): /usr/share/rhn/RPM-GPG-KEY
  • Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-former
  • Location (Red Hat Enterprise Linux 6, 7): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-legacy-former
  • Download: Red Hat
  • Download: pgp.mit.edu
  • Fingerprint: CA20 8686 2BD6 9DFC 65F6 ECC4 2191 80CD DB42 A60E

4096R/7514f77d8366b0d9 (2015-02-16):
Red Hat, Inc. (tools key) <secalert@redhat.com>

This key is used for signing Customer Portal tools.

  • Download: Red Hat
  • Download: pgp.mit.edu
  • Fingerprint: 8B12 20FC 564E 9583 2002 05FF 7514 F77D 8366 B0D9

4096R/08DD962C1C711042 (2020-12-15):
Red Hat, Inc. (Container Ready Key 1) <secalert@redhat.com>

This key is used for automated signing of container RPM packages that have not been previously released to a public repository at container build time. This key is made available to customers for transparency purposes. Customers may use this key for manual package verification but it should NOT be enabled for YUM/DNF usage. Containers that include RPM packages signed with this key should themselves be signed with the Red Hat release key (4096R/199e2f91fd431d51).

  • Download: Red Hat
  • Download: pgp.mit.edu
  • Fingerprint: EEFE 4B79 4D2E 96AA 2961 E441 08DD 962C 1C71 1042

Beta Package Signing

1024D/fd372689897da07a (2002-03-15):
Red Hat, Inc. (beta test software) <rawhide@redhat.com>

This key is used for signing Red Hat beta test products.

  • Location (Red Hat Enterprise Linux 2.1, 3, and 4): /usr/share/rhn/BETA-RPM-GPG-KEY
  • Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
  • Location (Red Hat Enterprise Linux 6, 7): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
  • Download: Red Hat
  • Download: pgp.mit.edu
  • Fingerprint: 17E8 543D 1D4A A5FA A96A 7E9F FD37 2689 897D A07A

4096R/938a80caf21541eb (2009-02-24):
Red Hat, Inc. (beta key 2) <security@redhat.com>

This key is used for signing selected Red Hat beta test products due for release after November 2009.

  • Location (Red Hat Enterprise Linux 6, 7, 8, 9): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
  • Download: Red Hat
  • Download: pgp.mit.edu
  • Fingerprint: B08B 659E E86A F623 BC90 E8DB 938A 80CA F215 41EB

Development Package Signing

4096R/08b871e6a5787476 (2014-06-25):
Red Hat, Inc. (development key) <security@redhat.com>

This key is used for signing Red Hat development builds.

  • Download: Red Hat
  • Download: pgp.mit.edu
  • Fingerprint: 2D6D 2858 5549 E02F 2194 3840 08B8 71E6 A578 7476

Other Products

4096R/E191DDB2C509E861:
Red Hat Code Signing CA

This Certificate Authority is used for signing Red Hat Code Signing certificates.

  • Download: Red Hat
  • Key ID: 52F5:97AF:D045:414D:C460:C99C:E191:DDB2:C509:E861
  • Fingerprint: E3:24:8D:65:D0:7C:D0:54:44:F7:7D:A2:CE:0B:2F:EA:1A:51:67:B7:B2:81:15:8D:51:E1:E9:3B:41:9A:D7:A0

Certificates

2048R/66E8F8A29C65F85C:
Red Hat Secure Boot CA 3 <secalert@redhat.com>

This Certificate Authority is used for Secure Boot.

  • Download: Red Hat
  • Key ID: 4016:8416:44CE:3A81:0408:0507:66E8:F8A2:9C65:F85C
  • SHA256 Fingerprint: 99:96:C7:36:16:EE:42:F1:33:96:C9:AB:FB:4B:64:6B:53:8C:3C:80:94:04:74:B7:10:AF:DB:E5:3B:F1:7D:32

2048R/680B9144769A9F8F:
Red Hat Secure Boot CA 5 <secalert@redhat.com>

This Certificate Authority is used for Secure Boot.

  • Download: Red Hat
  • Key ID: CC6F:A5E7:2868:BA49:4E93:9BBD:680B:9144:769A:9F8F
  • SHA256 Fingerprint: 40:17:5D:4C:7C:5A:B4:BD:75:3A:49:3F:47:95:2F:1D:8D:CF:1C:21:9B:83:69:68:A6:93:E4:8B:D4:76:61:35

2048R/8ED29DB42A2898C8:
Red Hat Secure Boot CA 6 <secalert@redhat.com>

This Certificate Authority is used for Secure Boot.

  • Download: Red Hat
  • Key ID: E86A:1CAB:2C48:F960:36A2:F07B:8ED2:9DB4:2A28:98C8
  • SHA256 Fingerprint: A4:4B:DA:BC:05:B0:59:2F:BD:ED:9E:C5:D2:A6:5D:53:27:63:5C:03:F1:12:3B:63:67:4C:60:3A:58:E1:0F:2E

2048R/CA83CF505A887452:
Red Hat Secureboot 301 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: Red Hat
  • Key ID: 40:16:84:16:44:CE:3A:81:04:08:05:07:66:E8:F8:A2:9C:65:F8:5C
  • SHA256 Fingerprint: A4:1A:FE:C4:66:E8:5F:21:6C:3A:A4:68:CD:4A:41:E1:53:70:FC:54:04:84:79:4B:14:77:44:47:1C:09:CA:02

2048R/4A99B3D7490DA9E6:
Red Hat Secureboot 302 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: Red Hat
  • Key ID: 40:16:84:16:44:CE:3A:81:04:08:05:07:66:E8:F8:A2:9C:65:F8:5C
  • SHA256 Fingerprint: 00:D3:57:CD:7B:03:72:FB:D1:E5:4F:CD:BC:F3:80:D9:2A:C9:E6:98:D0:08:2C:AB:48:6A:17:7A:E4:CD:34:BD

2048R/C77C35D3961F405A:
Red Hat Secureboot 303 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: Red Hat
  • Key ID: 40:16:84:16:44:CE:3A:81:04:08:05:07:66:E8:F8:A2:9C:65:F8:5C
  • SHA256 Fingerprint: F5:AB:F3:D3:04:1D:7A:44:12:1C:0C:71:25:C3:D0:76:3B:78:D1:BA:36:77:D1:10:46:B4:DF:71:B1:7C:F5:FE

2048R/81EAB5F63D1D83F5:
Red Hat Secureboot 304 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: Red Hat
  • Key ID: 40:16:84:16:44:CE:3A:81:04:08:05:07:66:E8:F8:A2:9C:65:F8:5C
  • SHA256 Fingerprint: 30:C4:01:71:C1:DF:FA:1D:F4:E6:40:05:0C:E4:A1:FB:23:08:85:1A:A3:42:26:E2:0F:BA:6C:60:98:B1:2A:73

2048R/E4CA5C9647273E6D:
Red Hat Secureboot 501 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: Red Hat
  • Key ID: CC:6F:A5:E7:28:68:BA:49:4E:93:9B:BD:68:0B:91:44:76:9A:9F:8F
  • SHA256 Fingerprint: 81:CC:EE:97:47:E6:7D:D8:C5:E5:D0:8B:A5:B3:36:DA:9B:9B:CD:BF:F8:94:22:F5:A8:CC:2F:A4:50:B3:F0:3E

2048R/96B80DA7127E985D:
Red Hat Secureboot 502 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: Red Hat
  • Key ID: CC:6F:A5:E7:28:68:BA:49:4E:93:9B:BD:68:0B:91:44:76:9A:9F:8F
  • SHA256 Fingerprint: 3F:56:4E:F4:12:27:56:2F:9E:A4:5C:3F:D8:F9:6B:EA:9A:B8:20:52:47:EF:72:DD:02:5F:DC:D7:28:37:3A:00

2048R/918D0F196D56D92B:
Red Hat Secureboot 503 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: Red Hat
  • Key ID: CC:6F:A5:E7:28:68:BA:49:4E:93:9B:BD:68:0B:91:44:76:9A:9F:8F
  • SHA256 Fingerprint: 0E:A9:D5:B9:BA:C1:D0:0B:D2:17:66:BF:EF:6A:3B:B4:81:B8:AD:BC:78:DA:FC:51:56:73:C9:7A:B0:0E:44:1B

2048R/178ECEF7AE828A68:
Red Hat Secureboot 504 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: Red Hat
  • Key ID: CC:6F:A5:E7:28:68:BA:49:4E:93:9B:BD:68:0B:91:44:76:9A:9F:8F
  • SHA256 Fingerprint: 62:B5:59:EB:AB:B8:86:80:30:A6:A1:82:71:5E:8B:7D:C0:16:30:44:57:63:57:AC:5C:98:4C:E5:3A:7E:CF:8C

2048R/1FB0EAE4B7EE31E8:
Red Hat Secureboot 601 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: Red Hat
  • Key ID: E8:6A:1C:AB:2C:48:F9:60:36:A2:F0:7B:8E:D2:9D:B4:2A:28:98:C8
  • SHA256 Fingerprint: 8F:43:5A:96:26:1E:57:1E:D5:57:F9:24:3E:7F:E7:DB:5B:93:BC:8F:7E:EF:CF:C5:B0:C1:54:D5:D2:92:92:FB

2048R/5F87B531FE10BBA7:
Red Hat Secureboot 602 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: Red Hat
  • Key ID: E8:6A:1C:AB:2C:48:F9:60:36:A2:F0:7B:8E:D2:9D:B4:2A:28:98:C8
  • SHA256 Fingerprint: 75:17:86:34:D1:3B:20:04:FE:D7:C7:D9:E6:EA:5A:C1:56:1A:5E:D7:7B:F4:EF:EE:12:AD:92:A8:83:41:15:15

2048R/ABA7CD9E9C40CED9:
Red Hat Secureboot 603 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: Red Hat
  • Key ID: E8:6A:1C:AB:2C:48:F9:60:36:A2:F0:7B:8E:D2:9D:B4:2A:28:98:C8
  • SHA256 Fingerprint: 39:B9:C9:01:D3:0B:E9:9D:B5:E1:E9:4A:38:85:09:25:5D:66:E3:BE:56:81:7C:03:16:AD:3A:B8:8F:2E:67:74