6 thoughts on - Where Can I Find The CentOS Gpg Keys?

• repository gpg can be found in
  /etc/pki/rpm-gpg/

  read the repo file(s) in

  /etc/yum.repos.d/

  cat /etc/yum.repos.d/CentOS-Base.repo
  # CentOS-Base.repo
  #
  # The mirror system uses the connecting IP address of the client and the
  # update status of each mirror to pick mirrors that are updated to and
  # geographically close to the client. You should use this for CentOS
  updates
  # unless you are manually picking other mirrors.
  #
  # If the mirrorlist= does not work for you, as a fall back you can try the
  # remarked out baseurl= line instead.
  #
  #

  [base]
  name=CentOS-$releasever – Base mirrorlist=http://mirrorlist.CentOS.org/?release=$releasever&arch=
  $basearch&repo=os&infra=$infra
  #baseurl=http://mirror.CentOS.org/CentOS/$releasever/os/$basearch/
  gpgcheck=1
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  Am Donnerstag, den 28.04.2016, 20:50 +0200 schrieb Albin Otterhäll:

• You can find the keys in the top directory of any CentOS mirror e.g. http://mirror.CentOS.org/CentOS/

• Apparently I wasn’t clear enough. I’m using Arch Linux (i.e. I haven’t access to the gpg key that comes with an installation) and would like to verify the ISO I’ve downloaded. To-do that I need the key used to sign the “sha256sum.txt.asc” file.

  I need to import the CentOS Release 7 (and maybe additional keys) from a keyserver or download the keyfile to be able do that.

  Regards, Albin

• Thank for helping me out!

• Open up a browser and go to:

  The GPG keys used to sign the RPM packages are in that directory. That may also be the key used to sign the checksum files. Here;s what I did on my system to check:

  The bit that says “Good signature” seems to indicate that it was OK.

  Hope that answers your question!

• Am 28.04.2016 um 21:29 schrieb Albin Otterh