Product Signing Keys

We use a number of keys to sign our software packages. The necessary public keys are included in the relevant products and are used to automatically verify software updates. You can also verify the packages manually using the keys on this page.

RPM-based products

Products based on RPM use GPG signing keys. Run the following command to verify an RPM package:

rpm --checksig -v <filename>.rpm

The output of this command shows whether the package is signed and which key signed it.

Release Package Signing

Please do not use package-signing keys to encrypt email messages. Refer to the Security Contacts and Procedures page for secure communication information.

4096R/199e2f91fd431d51 (2009-10-22):
Red Hat, Inc. (release key 2) <security@redhat.com>

This key is used for signing Red Hat products released after October 2010 and their updates.

4096R/E60D446E63405576 (2024-09-20):
Red Hat, Inc. (release key 3) <security@redhat.com>

As of October 2024, all of our containers are signed using sigstore and release3 key in addition to release2 gpg signature.

  • Location (Red Hat Enterprise Linux 10): /etc/pki/sigstore/SIGSTORE-redhat-release3
  • Download: This content is not included.Red Hat
  • SHA 256 Fingerprint: BA:9D:26:35:0D:78:89:3A:20:F3:37:E2:15:3A:11:31:08:BF:CF:06:40:85:AF:AE:E6:0D:44:6E:63:40:55:76

ML-DSA-87+Ed448/D246D6276AFEDF8F(2025-10-08):
Red Hat, Inc. (release key 4) <security@redhat.com>

This post-quantum safe key is used for signing Red Hat products released after October 2025 and their updates.

  • Location (Red Hat Enterprise Linux 9.7 and 10.1): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
  • Download: This content is not included.Red Hat
  • Fingerprint: FCD355B305707A62DA143AB6E422397E50FE8467A2A95343D246D6276AFEDF8F

4096R/5054E4A45A6340B3 (2022-03-09):
Red Hat, Inc. (auxiliary key 3) <security@redhat.com>

This is our disaster recovery key. In the unlikely event we lose the ability to sign with our master hardware keys, we would switch to using this key.

4096R/E1A4BD708A828AAD:
Red Hat, Inc. (Ansible Collection Key 1) <secalert@redhat.com>

This key is used for signing of Ansible certified collections made available via the Ansible Automation Platform in Ansible Hub. Verification of collections signed with this key is handled automatically by ansible-galaxy CLI.

4096R/F76F66C3D4082792 (2018-06-27):
Red Hat, Inc. (auxiliary key 2) <security@redhat.com>

This is our disaster recovery key. In the unlikely event we lose the ability to sign with our master hardware keys, we would switch to using this key.

1024D/5326810137017186 (2006-12-06):
Red Hat, Inc. (release key) <security@redhat.com>

This key is used for signing all Red Hat products released after January 2007 and their updates.

1024D/45689c882fa658e0 (2006-12-01):
Red Hat, Inc. (auxiliary key) <security@redhat.com>

This is our disaster recovery key. In the unlikely event we lose the ability to sign with our master hardware keys, we would switch to using this key.

1024D/219180cddb42a60e (1999-09-23):
Red Hat, Inc. <security@redhat.com>

This key was used for signing all Red Hat products released prior to January 2007 as well as signing all past and future updates for those products.

  • Location (Red Hat Enterprise Linux 2.1, 3, and 4): /usr/share/rhn/RPM-GPG-KEY
  • Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-former
  • Location (Red Hat Enterprise Linux 6, 7): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-legacy-former
  • Download: This content is not included.Red Hat
  • Download: This content is not included.pgp.mit.edu
  • Fingerprint: CA20 8686 2BD6 9DFC 65F6 ECC4 2191 80CD DB42 A60E

4096R/7514f77d8366b0d9 (2015-02-16):
Red Hat, Inc. (tools key) <secalert@redhat.com>

This key is used for signing Customer Portal tools.

4096R/08DD962C1C711042 (2020-12-15):
Red Hat, Inc. (Container Ready Key 1) <secalert@redhat.com>

This key is used for automated signing of container RPM packages that have not been previously released to a public repository at container build time. This key is made available to customers for transparency purposes. Customers may use this key for manual package verification but it should NOT be enabled for YUM/DNF usage. Containers that include RPM packages signed with this key should themselves be signed with the Red Hat release key (4096R/199e2f91fd431d51).

4096R/1AC4971355A34A82 (2019-08-30):
Red Hat, Inc. (ISV Container Signing Key) <secalert@redhat.com>

This key is used to sign third-party containers which are certified by Red Hat.

Beta Package Signing

1024D/fd372689897da07a (2002-03-15):
Red Hat, Inc. (beta test software) <rawhide@redhat.com>

This key is used for signing Red Hat beta test products.

  • Location (Red Hat Enterprise Linux 2.1, 3, and 4): /usr/share/rhn/BETA-RPM-GPG-KEY
  • Location (Red Hat Enterprise Linux 5): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
  • Location (Red Hat Enterprise Linux 6, 7): /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
  • Download: This content is not included.Red Hat
  • Download: This content is not included.pgp.mit.edu
  • Fingerprint: 17E8 543D 1D4A A5FA A96A 7E9F FD37 2689 897D A07A

4096R/938a80caf21541eb (2009-02-24):
Red Hat, Inc. (beta key 2) <security@redhat.com>

This key is used for signing selected Red Hat beta test products due for release after November 2009.

Development Package Signing

4096R/08b871e6a5787476 (2014-06-25):
Red Hat, Inc. (development key) <security@redhat.com>

This key is used for signing Red Hat development builds.

Other Products

4096R/E191DDB2C509E861:
Red Hat Code Signing CA

This Certificate Authority is used for signing Red Hat Code Signing certificates.

  • Download: This content is not included.Red Hat
  • Key ID: 52F5:97AF:D045:414D:C460:C99C:E191:DDB2:C509:E861
  • Fingerprint: E3:24:8D:65:D0:7C:D0:54:44:F7:7D:A2:CE:0B:2F:EA:1A:51:67:B7:B2:81:15:8D:51:E1:E9:3B:41:9A:D7:A0

Certificates

2048R/CFE49CFBD3320449:
Red Hat IMA Release CA <secalert@redhat.com>

This Certificate Authority is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: FB:31:82:5D:D0:E0:73:68:5B:26:4E:30:38:96:36:73:F7:53:95:9A
  • SHA256 Fingerprint: AD:F5:BB:F5:87:1E:96:58:AD:AE:AD:CF:B7:D6:F7:59:2F:10:91:F8:70:1C:1E:06:DF:F9:BD:99:CC:89:3D:DA

2048R/38963673F753959A:
Red Hat IMA Release <secalert@redhat.com>

This Certificate Authority is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: FB:31:82:5D:D0:E0:73:68:5B:26:4E:30:38:96:36:73:F7:53:95:9A
  • SHA256 Fingerprint: B4:66:26:52:82:19:3C:17:B3:25:6B:19:9E:CC:3B:DD:98:67:97:B4:A8:2A:D8:41:DE:4A:13:21:32:E9:F6:AB

2048R/66E8F8A29C65F85C:
Red Hat Secure Boot CA 3 <secalert@redhat.com>

This Certificate Authority is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: 4016:8416:44CE:3A81:0408:0507:66E8:F8A2:9C65:F85C
  • SHA256 Fingerprint: 99:96:C7:36:16:EE:42:F1:33:96:C9:AB:FB:4B:64:6B:53:8C:3C:80:94:04:74:B7:10:AF:DB:E5:3B:F1:7D:32

2048R/680B9144769A9F8F:
Red Hat Secure Boot CA 5 <secalert@redhat.com>

This Certificate Authority is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: CC6F:A5E7:2868:BA49:4E93:9BBD:680B:9144:769A:9F8F
  • SHA256 Fingerprint: 40:17:5D:4C:7C:5A:B4:BD:75:3A:49:3F:47:95:2F:1D:8D:CF:1C:21:9B:83:69:68:A6:93:E4:8B:D4:76:61:35

2048R/8ED29DB42A2898C8:
Red Hat Secure Boot CA 6 <secalert@redhat.com>

This Certificate Authority is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: E86A:1CAB:2C48:F960:36A2:F07B:8ED2:9DB4:2A28:98C8
  • SHA256 Fingerprint: A4:4B:DA:BC:05:B0:59:2F:BD:ED:9E:C5:D2:A6:5D:53:27:63:5C:03:F1:12:3B:63:67:4C:60:3A:58:E1:0F:2E

2048R/CA83CF505A887452:
Red Hat Secureboot 301 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: 40:16:84:16:44:CE:3A:81:04:08:05:07:66:E8:F8:A2:9C:65:F8:5C
  • SHA256 Fingerprint: A4:1A:FE:C4:66:E8:5F:21:6C:3A:A4:68:CD:4A:41:E1:53:70:FC:54:04:84:79:4B:14:77:44:47:1C:09:CA:02

2048R/4A99B3D7490DA9E6:
Red Hat Secureboot 302 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: 40:16:84:16:44:CE:3A:81:04:08:05:07:66:E8:F8:A2:9C:65:F8:5C
  • SHA256 Fingerprint: 00:D3:57:CD:7B:03:72:FB:D1:E5:4F:CD:BC:F3:80:D9:2A:C9:E6:98:D0:08:2C:AB:48:6A:17:7A:E4:CD:34:BD

2048R/C77C35D3961F405A:
Red Hat Secureboot 303 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: 40:16:84:16:44:CE:3A:81:04:08:05:07:66:E8:F8:A2:9C:65:F8:5C
  • SHA256 Fingerprint: F5:AB:F3:D3:04:1D:7A:44:12:1C:0C:71:25:C3:D0:76:3B:78:D1:BA:36:77:D1:10:46:B4:DF:71:B1:7C:F5:FE

2048R/81EAB5F63D1D83F5:
Red Hat Secureboot 304 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: 40:16:84:16:44:CE:3A:81:04:08:05:07:66:E8:F8:A2:9C:65:F8:5C
  • SHA256 Fingerprint: 30:C4:01:71:C1:DF:FA:1D:F4:E6:40:05:0C:E4:A1:FB:23:08:85:1A:A3:42:26:E2:0F:BA:6C:60:98:B1:2A:73

2048R/E4CA5C9647273E6D:
Red Hat Secureboot 501 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: CC:6F:A5:E7:28:68:BA:49:4E:93:9B:BD:68:0B:91:44:76:9A:9F:8F
  • SHA256 Fingerprint: 81:CC:EE:97:47:E6:7D:D8:C5:E5:D0:8B:A5:B3:36:DA:9B:9B:CD:BF:F8:94:22:F5:A8:CC:2F:A4:50:B3:F0:3E

2048R/96B80DA7127E985D:
Red Hat Secureboot 502 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: CC:6F:A5:E7:28:68:BA:49:4E:93:9B:BD:68:0B:91:44:76:9A:9F:8F
  • SHA256 Fingerprint: 3F:56:4E:F4:12:27:56:2F:9E:A4:5C:3F:D8:F9:6B:EA:9A:B8:20:52:47:EF:72:DD:02:5F:DC:D7:28:37:3A:00

2048R/918D0F196D56D92B:
Red Hat Secureboot 503 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: CC:6F:A5:E7:28:68:BA:49:4E:93:9B:BD:68:0B:91:44:76:9A:9F:8F
  • SHA256 Fingerprint: 0E:A9:D5:B9:BA:C1:D0:0B:D2:17:66:BF:EF:6A:3B:B4:81:B8:AD:BC:78:DA:FC:51:56:73:C9:7A:B0:0E:44:1B

2048R/178ECEF7AE828A68:
Red Hat Secureboot 504 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: CC:6F:A5:E7:28:68:BA:49:4E:93:9B:BD:68:0B:91:44:76:9A:9F:8F
  • SHA256 Fingerprint: 62:B5:59:EB:AB:B8:86:80:30:A6:A1:82:71:5E:8B:7D:C0:16:30:44:57:63:57:AC:5C:98:4C:E5:3A:7E:CF:8C

2048R/1FB0EAE4B7EE31E8:
Red Hat Secureboot 601 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: E8:6A:1C:AB:2C:48:F9:60:36:A2:F0:7B:8E:D2:9D:B4:2A:28:98:C8
  • SHA256 Fingerprint: 8F:43:5A:96:26:1E:57:1E:D5:57:F9:24:3E:7F:E7:DB:5B:93:BC:8F:7E:EF:CF:C5:B0:C1:54:D5:D2:92:92:FB

2048R/5F87B531FE10BBA7:
Red Hat Secureboot 602 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: E8:6A:1C:AB:2C:48:F9:60:36:A2:F0:7B:8E:D2:9D:B4:2A:28:98:C8
  • SHA256 Fingerprint: 75:17:86:34:D1:3B:20:04:FE:D7:C7:D9:E6:EA:5A:C1:56:1A:5E:D7:7B:F4:EF:EE:12:AD:92:A8:83:41:15:15

2048R/ABA7CD9E9C40CED9:
Red Hat Secureboot 603 <secalert@redhat.com>

This certificate is used for Secure Boot.

  • Download: This content is not included.Red Hat
  • Key ID: E8:6A:1C:AB:2C:48:F9:60:36:A2:F0:7B:8E:D2:9D:B4:2A:28:98:C8
  • SHA256 Fingerprint: 39:B9:C9:01:D3:0B:E9:9D:B5:E1:E9:4A:38:85:09:25:5D:66:E3:BE:56:81:7C:03:16:AD:3A:B8:8F:2E:67:74

Category:

Secure