|
GPG Keys
CFS uses a number of GNU Privacy Guard (GPG) keys to communicate securely. This page will tell you which keys we use for which purposes and how to verify those keys.
It is a good security practice to validate public keys that you receive and to only trust validated keys. Therefore before trusting CFS public keys you should attempt to validate the fingerprints from a number of sources, and not rely solely on this page as being authentic.
To verify an RPM package, run the command:
| rpm --checksig <filename>.rpm |
Package Signing
Software packages distributed by CFS are signed with the CFS public key. Available here.
You can import the file key either by:
or, simply:
| rpm --import http://www.cambridgeflowsolutions.com/support/gpg/RPM-GPG-KEY-cfs |
The fingerprint is:
| F430 8EF6 0D20 E8CE AE85 BEA9 8D05 1BD5 80E6 3B83 |
|
