At the request of SELinux users, a detached OpenPGP signature file is now provided for each archive and patch file that NSA provides in the SELinux release. These signature files can be downloaded using the (signature) links for each entry on the Downloading SELinux page. This signature may be helpful to SELinux users in checking the origin and integrity of the file. The use of OpenPGP signatures should not be construed as an endorsement of such signatures by the NSA. The current NSA SELinux OpenPGP key is always posted on this page, along with any revocation certificates for older keys.
The current NSA SELinux OpenPGP key is:
pub 1024D/C2A28098 2004-02-27 NSA SELinux Team <selinux-team@tycho.nsa.gov>
Key fingerprint = 0928 4B2A D6C2 001D 0E49 E111 7287 F912 C2A2 8098
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.1 (GNU/Linux)

=6ch7
-----END PGP PUBLIC KEY BLOCK-----
To import the key using GnuPG, you can gpg --import the key above. You can also obtain the key from most common PGP key servers, such as wwwkeys.pgp.net. To import it from the keyserver using GnuPG, do:
gpg --keyserver wwwkeys.pgp.net --recv-keys 0xC2A28098
After importing the key, verifying a signature with GnuPG should look like this example:
% gpg --verify libselinux-1.10.tgz.sign libselinux-1.10.tgz
gpg: Signature made Fri 27 Feb 2004 09:19:17 AM EST using DSA key ID C2A28098
gpg: Good signature from "NSA SELinux Team <selinux-team@tycho.nsa.gov>"
GnuPG will warn about the absence of a trust path to the key and its inability to verify that the signature belongs to the owner unless you build a trust path to the NSA SELinux key. However, this warning is not indicative of a problem with verifying the signature.
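An added example, not part of the original page: GnuPG reports "Good signature" for any key in the keyring, so a script can instead compare the signing key's fingerprint with the one published above by reading the VALIDSIG line of gpg --status-fd output. The function names, the script file name and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): accept a detached signature
# only if it was made by the key whose fingerprint is published above.

# Fingerprint from this page, spaces removed.
EXPECTED_FPR="09284B2AD6C2001D0E49E1117287F912C2A28098"

# check_status FPR: read `gpg --status-fd` lines on stdin; succeed only if
# a VALIDSIG line names FPR (signing key, field 3, or primary key, field 12)
# and gpg reported no bad, erroneous, expired or revoked-key signature.
check_status() {
    awk -v want="$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && length(want) == 40 &&
            (toupper($3) == want || toupper($12) == want) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# verify_pinned SIGFILE DATAFILE: run gpg and apply the fingerprint check.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_status "$EXPECTED_FPR"
}

# Constructed status output for a good signature by the pinned key.
sample_good() {
    cat <<'EOF'
[GNUPG:] GOODSIG 7287F912C2A28098 NSA SELinux Team <selinux-team@tycho.nsa.gov>
[GNUPG:] VALIDSIG 09284B2AD6C2001D0E49E1117287F912C2A28098 2004-02-27 1077891557 0 3 0 17 2 00 09284B2AD6C2001D0E49E1117287F912C2A28098
EOF
}

# Constructed status output for a file that was altered after signing.
sample_bad() {
    cat <<'EOF'
[GNUPG:] BADSIG 7287F912C2A28098 NSA SELinux Team <selinux-team@tycho.nsa.gov>
EOF
}

# Usage (hypothetical file name):
#   sh verify_pinned.sh libselinux-1.10.tgz.sign libselinux-1.10.tgz
if [ "$#" -eq 2 ]; then
    verify_pinned "$1" "$2" && echo "signature OK, fingerprint matches"
fi
```

The check depends on the fingerprint having been obtained from a source you trust; it replaces the trust-path warning with an explicit comparison and does not remove the need to confirm the fingerprint itself.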