Key

GPG Key Used By The ELRepo Project

View this page securely

The ELRepo Project uses a GPG key to sign all RPM packages that we release.

Each RPM package that is released by the ELRepo Project is signed with a GPG signature. By default, yum and rpm will verify these signatures and refuse to install any packages that are not signed or have bad signatures. You should always verify the signature of a package before you install it. These signatures ensure that the packages you install are genuine as released by the ELRepo Project and have not been altered (accidentally or maliciously) since their release.

The key is included in the elrepo-release package and you can find it within the /etc/pki/rpm-gpg/ directory. (File RPM-GPG-KEY-elrepo.org)

The key may be downloaded from this website and is also available on a public key server (keys.openpgp.org).

Location: /etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org
Download from: elrepo.org
Download from: keys.openpgp.org
Fingerprint: 96C0 104F 6315 4731 1E0B B1AE 309B C305 BAAD AE52

Users should verify the key by checking it's fingerprint matches the fingerprint listed here before installing it:

$ gpg --show-key --with-subkey-fingerprint RPM-GPG-KEY-elrepo.org
pub   dsa1024 2009-03-17 [SC]
      96C0104F631547311E0BB1AE309BC305BAADAE52
uid                      elrepo.org (RPM Signing Key for elrepo.org) <secure@elrepo.org>
sub   elg2048 2009-03-17 [E]
      FD406D02B90D5399A8EB6C13F46A3776B8C66E6D

Once you are satisfied the key is authentic, you can import it:

# rpm --import RPM-GPG-KEY-elrepo.org