====== Key ======
====GPG Key Used By The ELRepo Project====

[[https://elrepo.org/wiki/doku.php?id=key|View this page securely]]

The ELRepo Project uses a GPG key to sign all RPM packages that we release.

Each RPM package that is released by the ELRepo Project is signed with a GPG signature. By default, yum and rpm will verify these signatures and refuse to install any packages that are not signed or have bad signatures. You should always verify the signature of a package before you install it. These signatures ensure that the packages you install are genuine as released by the ELRepo Project and have not been altered (accidentally or maliciously) since their release.

The key is included in the elrepo-release package and you can find it within the /etc/pki/rpm-gpg/ directory. (File RPM-GPG-KEY-elrepo.org)

The key may be downloaded from this website and is also available on a public key server (keys.openpgp.org).

**Location:** /etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org \\
**Download from:** [[https://www.elrepo.org/RPM-GPG-KEY-elrepo.org|elrepo.org]] \\
**Download from:** [[https://keys.openpgp.org/search?q=96C0+104F+6315+4731+1E0B++B1AE+309B+C305+BAAD+AE52|keys.openpgp.org]] \\
**Fingerprint:** 96C0 104F 6315 4731 1E0B  B1AE 309B C305 BAAD AE52 \\

Users should verify the key by checking it's fingerprint matches the fingerprint listed here before installing it:

<code>
$ gpg --show-key --with-subkey-fingerprint RPM-GPG-KEY-elrepo.org
pub   dsa1024 2009-03-17 [SC]
      96C0104F631547311E0BB1AE309BC305BAADAE52
uid                      elrepo.org (RPM Signing Key for elrepo.org) <secure@elrepo.org>
sub   elg2048 2009-03-17 [E]
      FD406D02B90D5399A8EB6C13F46A3776B8C66E6D
</code>
Once you are satisfied the key is authentic, you can import it:

<code>
# rpm --import RPM-GPG-KEY-elrepo.org</code>