RHEL / CentOS / Fedora: Verify GPG Key For Package Update

How do I verify that the system using correct GPG keys to verify all patches, packages and update installed from RHN or repo under RHEL 5 or 6 server operating systems?

All packages can be cryptographically verified using the rpm / yum and gpg command itself. You need to use /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file. All packages from RHN or 3rd party Fedora Linux repo are signed with a GPG signature. The yum command will verify these signatures and refuse to install any packages that are not signed or have bad signatures. This make sure that the packages from RHN was provided by the Red Hat, Inc and have not been modified by anyone else.

Verify Installed Keys

To verify that the keys installed on your RHEL server system match the key listed here, use GnuPG to check that the fingerprint of the key matches:
# gpg --quiet --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Sample outputs:

pub  4096R/FD431D51 2009-10-22 Red Hat, Inc. (release key 2) 
      Key fingerprint = 567E 347A D004 4ADE 55BA  8A5F 199E 2F91 FD43 1D51
pub  1024D/2FA658E0 2006-12-01 Red Hat, Inc. (auxiliary key) 
      Key fingerprint = 43A6 E49C 4A38 F4BE 9ABF  2A53 4568 9C88 2FA6 58E0

If you use Fedora Linux packages, see this page for more information. If you use CentOS Linux packages, go here for more information.

How Do I Make Sure That the System Has the Red Hat GPG Key Installed?

Type the following command:
# rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey
Sample outputs (should match as follows – taken from RHEL v6.1 – Santiago):

gpg(Red Hat, Inc. (release key 2) )
gpg(Red Hat, Inc. (auxiliary key) )

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 0 comments... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum