Account Links: Cart | Register | Log In

Skip to content

Contacting Red Hat Securely

The Red Hat Security Response Team use a GNU Privacy Guard (GPG) key to secure communications. When contacting us at secalert@redhat.com you may encrypt your mail using this public key. We expect to change the key we use from time to time. Should we change the key, we will revoke previous keys and notify the enterprise-watch-list email list.

650d5882: Red Hat, Inc. (Security Response Team) <secalert@redhat.com>


This key is used for communicating with the Red Hat Security Response Team and for signing of security advisories posted to mailing lists.

Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 9273 2337 E5AD 3417 5265 64AB 5E54 8083 650D 5882

Please do not send messages encrypted with this public key to any address other than security@redhat.com or secalert@redhat.com. We are sorry but we are unable to accept orders or other non-security related email which is encrypted with this public key

RPM Package Signing

We use a number of GNU Privacy Guard (GPG) keys to sign our software packages. The necessary public keys are included in relevant products and are used automatically to verify software updates. You can also check the packages manually using the keys on this page.

To verify a RPM package for a Red Hat product, run the command

rpm --checksig -v <filename>.rpm

The output of this command will show you if the package is signed, and which key was used to sign it.

Please do not send messages encrypted with these public keys, for all secure communications please see the section "Contacting Red Hat Securely"

Release Package Signing

37017186: Red Hat, Inc. (release key) <security@redhat.com>


This key is used for signing all Red Hat products released after January 2007 and their updates

Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 47DB 2877 89B2 1722 B6D9 5DDE 5326 8101 3701 7186

db42a60e: Red Hat, Inc <security@redhat.com>


This key was used for signing all Red Hat products released prior to January 2007 as well as signing all past and future updates for those products.

Location (Red Hat Enterprise Linux 2.1, 3, 4): /usr/share/rhn/RPM-GPG-KEY
Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-former
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: CA20 8686 2BD6 9DFC 65F6 ECC4 2191 80CD DBC2 A60E

42193e6b: Red Hat, Inc. (RHX key) <rhx-support@redhat.com>


This key is used for signing packages distributed by Red Hat Exchange.

Location (Red Hat Exchange): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-rhx
Download: Red Hat
Download: pgp.mit.edu
Fingerprint:01AD EFD1 5A95 AE43 14DE 83C2 39A1 3A12 4219 3E6B

Beta Package Signing

897da07a: Red Hat, Inc. (Beta Test Software) <rawhide@redhat.com>


This key is used for signing Red Hat beta test products.

Location (Red Hat Enterprise Linux 2.1, 3, 4): /usr/share/rhn/BETA-RPM-GPG-KEY
Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 17E8 543D 1D4A A5FA A96A 7E9F FD37 2689 897D A07A