Package Signing Key
NOTE: Prior to November 12, 2013 the “SUSE SolidDriver Program” was known as the “Partner Linux Driver Program” (PLDP). Though the signing key still reflects the old name, it remains valid as described here.
Some of the packages and installation repositories hosted on drivers.suse.com are digitally signed with a package signing key. In order for SUSE installer to verify the authenticity and integrity of the packages or repositories the public key needs to be installed on the system.
The purpose of the signing key is to enable users to validate the authenticity and integrity of the packages or repositories to be installed. The SolidDriver Signing key authenticates the following:
Package or repository was built in the official SUSE SolidDriver Program build service.
Packages are fully supported by SUSE and Partner company under the same terms of support delivered with SUSE Linux Enterprise server products.
The contents of the package has not been tampered or modified by a third party
SUSE recommends verifying all package signatures of all software before deploying on SUSE Linux Enterprise installations. The SUSE package installer (YaST or zypper) will do this automatically. The public key must be installed as trusted before the installer can verify packages signed with the key. If they key is not installed rpm will output the following warning when installing a package signed with this key:
warning: example.rpm: Header V3 RSA/SHA256 signature: NOKEY, key ID c2bea7e6
rpm --checksig will fail with the following output:
# rpm --checksig example.rpm example.rpm: RSA sha1 (MD5) (PGP) md5 NOT OK (MISSING KEYS: PGP#c2bea7e6)
To avoid the installation warning, and to be able to verify packages signed with the SUSE SolidDriver key, Download the public key from here and install it using the following command:
# rpm --import gpg-pubkey-c2bea7e6-4c2de264.asc
The key can also be installed directly from the drivers.suse.com server:
# rpm --import http://drivers.suse.com/keys/gpg-pubkey-c2bea7e6-4c2de264.asc
After the key is imported, you can validate the packages by running the
rpm --checksig command. A valid signed package would give the following:
# rpm --checksig pldp-example.rpm pldp-example.rpm: rsa sha1 (md5) pgp md5 OK
Installing Driver Kits
Driver kits (driver installation repositories) hosted on drivers.suse.com may also be signed with this key When installing the driver kit on a system where this key was not previously installed, the following (or simlar) message will occur:
New repository or package signing key received: Key ID: 79144284C2BEA7E6 Key Name: PLDP Signing Key Key Fingerprint: D59857D5CA0058DA627C5D7779144284C2BEA7E6 Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?](r):
In this case, the key’s fingerprint is displayed and can be used to validate the signature manually. Find the SUSE SolidDriver (PLDP) signing key fingerprint below.
Signing key fingerprint
pub rsa2048/C2BEA7E6 2010-07-02 [expires: 2024-05-02] Key fingerprint = D598 57D5 CA00 58DA 627C 5D77 7914 4284 C2BE A7E6 uid [ unknown] PLDP Signing Key <firstname.lastname@example.org>
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2 mQENBEwt4mQBCACj+PiwTSoAXAo5bIaH5pyn3XuapCCgYFB7NFcNfS0DJiCbKCh0 835VKX52ThL85KGcJ3dKmyXiUAK/DVO9gWotUBkHo9vBhpOygyWEf2RHntSACRYc L/ffykl0QjRm9dUX5/0aj6H9OI0lsPInSkkfX04EhmhytdK8dPHKlB1SoBGY0ERX Y/gmfXp77dyisB1VnOeHHWnag6hynUSBsenYUoBs7TZYNeat93clLOWisH1sQnS4 BB51n6RtKy1IrA8CXds7prFdDKgN4YinGlGNVxDGcM9rC7yE+vl/WqgXYMKSz2Gq +HrMvoGrx1xdeNhXceCNh+6CTmRzzh0W3VU7ABEBAAG0H1BMRFAgU2lnbmluZyBL ZXkgPHBsZHBAc3VzZS5kZT6JATwEEwECACYFAkwt4mQCGwMFCQeEzgAGCwkIBwMC BBUCCAMEFgIDAQIeAQIXgAAKCRB5FEKEwr6n5mz6B/4ucUNWl4UY+1r2cBtPy2qm UZPPuLibkoyaI6mRyU1acqgjyMb79EFAX9SMc3EY5Pp6VeIlvPSf09EVZsnTSOH/ CcEv00h1fYHPRuZOUnvtGEWnEbBWDq1GFjUy0mz6M6xGdswpPX8PAAaDYJcjbt4w vtv6D+xhZv8we3mIR1GME7uRExqVO9PPOcRMDyvT6uTPWmasxVCxukSWy0NqfmJx fCvXjXPaQOEBOYu6Cg+gpMyeMvbBYHNZrmzgX8MMmL6KwhUCp9hbsNUWqB1rLJ+g fxKqgE1uoaur/npCFaZTIBsiCPsIKp7Ne7jzrER8QNx0JLq9ZnGhXLs4PffxFdP+ iQE8BBMBAgAmAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAlNnTnEFCRoFbw0A CgkQeRRChMK+p+ZQmAf+JFWMEaRNC7/4Xebid3yLOfiDDEzGumWuU0S5tFymv2xG RWD/pxCUh3i54uRVMmMjwbHlmWUK//dfiu554KGdxHkpYTgJFU9QWJ+W7jRNtbkK S17OSJpziOIcwZ2CpJsOMqSUFQNMm0X9qglkHoR+4grI9f+sKbviYgBwFScTpJHt tLSP4COidVn7Jn6AOHFiIXQLr+OXTBv07H0WXRE88f4OGdqjn8KXz1oDM1Prx81B qCvxkEEWXHGxS4UpyfGySPDQFA9rGwF1AZaR14XtD1QdzT+RB+WKJb2sdfqBIn/g mtpIbrRlcn4tdP5/ZjRxr3Fd66c62lCVSYon+rhiQQ== =4Rwe -----END PGP PUBLIC KEY BLOCK-----