Fedora uses a number of GNU Privacy Guard (GPG) keys to sign our software packages. The necessary public keys are included in relevant products and are used automatically to verify software updates. You can also check the packages manually using the keys on this page.
To verify a RPM package for a Fedora product, run the command
rpm --checksig -v <filename>.rpm
The output of this command shows if the package is signed and which key was used to sign it.
Please do not send messages encrypted with these public keys.
4F2A6FD2: Fedora Project <fedora@redhat.com>
This key is used for signing all Fedora Core releases and updates.
Location: /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
Download: Our website
Download: pgp.mit.edu
Fingerprint: CAB4 4B99 6F27 744E 8612 7CDF B442 69D0 4F2A 6FD2
30C9ECF8: Fedora Project (Test Software) <rawhide@redhat.com>
This key is used for signing Fedora test software such as beta releases.
Location: /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-test
Download: Our website
Download: pgp.mit.edu
Fingerprint: 3166 C14A AE72 30D9 3B7A B2F6 DA84 CBD4 30C9 ECF8