Where Can I Find The CentOS Gpg Keys?

Home » CentOS » Where Can I Find The CentOS Gpg Keys?
CentOS 6 Comments

Hi!

I’m currently using a non-CentOS system, and wondering where I can find the GPG keys so I can verify the checksum file?

The page on the website (https://www.CentOS.org/keys/) only give information where I can find them on an already installed system.

Regards, Albin

6 thoughts on - Where Can I Find The CentOS Gpg Keys?

  • repository gpg can be found in
    /etc/pki/rpm-gpg/

    read the repo file(s) in

    /etc/yum.repos.d/

    cat /etc/yum.repos.d/CentOS-Base.repo
    # CentOS-Base.repo
    #
    # The mirror system uses the connecting IP address of the client and the
    # update status of each mirror to pick mirrors that are updated to and
    # geographically close to the client. You should use this for CentOS
    updates
    # unless you are manually picking other mirrors.
    #
    # If the mirrorlist= does not work for you, as a fall back you can try the
    # remarked out baseurl= line instead.
    #
    #

    [base]
    name=CentOS-$releasever – Base mirrorlist=http://mirrorlist.CentOS.org/?release=$releasever&arch=
    $basearch&repo=os&infra=$infra
    #baseurl=http://mirror.CentOS.org/CentOS/$releasever/os/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    Am Donnerstag, den 28.04.2016, 20:50 +0200 schrieb Albin Otterhäll:

  • Apparently I wasn’t clear enough. I’m using Arch Linux (i.e. I haven’t access to the gpg key that comes with an installation) and would like to verify the ISO I’ve downloaded. To-do that I need the key used to sign the “sha256sum.txt.asc” file.

    I need to import the CentOS Release 7 (and maybe additional keys) from a keyserver or download the keyfile to be able do that.

    Regards, Albin

  • Open up a browser and go to:

    The GPG keys used to sign the RPM packages are in that directory. That may also be the key used to sign the checksum files. Here;s what I did on my system to check:

    The bit that says “Good signature” seems to indicate that it was OK.

    Hope that answers your question!

LEAVE A COMMENT