16.1 Verifying Package Authenticity
SUSE Linux Enterprise RPM packages have a GnuPG signature.
The key including the fingerprint is:
1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <[email protected]>
Key fingerprint = 79C1 79B2 E1C8 20C1 890F 9994 A84E DAE8 9C80 0ACA
The command rpm --checksig
package-1.2.3.rpm can be used to verify
the signature of an RPM package to determine whether it really originates
from SUSE or from another trustworthy facility. This is especially
recommended for update packages from the Internet. The SUSE public
package signature key normally resides in
/root/.gnupg/. The key is additionally located in the
directory /usr/lib/rpm/gnupg/ to enable normal users to
verify the signature of RPM packages.