How to install Red Hat GPG key for RPM verification.

If the Red Hat GPG key is not installed, install it from a secure, static location, such as a Red Hat installation CD-ROM or DVD.

All Red Hat Enterprise Linux packages are signed with the Red Hat GPG key. GPG stands for GNU Privacy Guard, or GnuPG, a free software package used for ensuring the authenticity of distributed files. For example, a private key (secret key) locks the package while the public key unlocks and verifies the package. If the public key distributed by Red Hat Enterprise Linux does not match the private key during RPM verification, the package may have been altered and therefore cannot be trusted.

use the following command to import it into the keyring (a database of trusted keys on the system):

rpm –import /mnt/cdrom/RPM-GPG-KEY

To display a list of all keys installed for RPM verification, execute the following command:

rpm -qa gpg-pubkey*

It is extremely important to verify the signature of the RPM files before installing them to ensure that they have not been altered from the original source of the packages. To verify all the downloaded packages at once, issue the following command:

rpm -K /tmp/updates/*.rpm

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.