Software Delivery Repository
Software Delivery Repository | Getting Started | FAQ | RepositoriesPackage Signature Verification
All software packages provided by HPE are cryptographically signed for your protection. By enrolling HPE's public keys with your software package manager (rpm/yum/apt/zypper), you'll know the packages you're installing are in fact from HPE, and have not been modified by anyone else. For more information on HPE cryptographic signatures, please refer to HPE Linux Code Signing Services . |
hpPublicKey2048_key1.pub
|
HPE Public Keys
It is suggested that you enroll all keys to verify current and older versions of packages hosted in SDR repositories:
hpPublicKey2048_key1.pub | for packages published during 2015 | fingerprint: B1275EA3 |
hpePublicKey2048_key1.pub | for packages published after 2015 | fingerprint: 26C2B797 |
hpePublicKey2048_key2.pub | for packages published after 2024 | fingerprint: 74C3A4A2 |
Enroll keys for RPM-based systems
Issue the following commands to enroll all keys on your rpm-based system:
rpm --import https://downloads.linux.hpe.com/SDR/hpPublicKey2048_key1.pub
rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key2.pub
Enroll keys for DEB-based systems
Issue the following commands to enroll all keys on your deb-based system:
curl https://downloads.linux.hpe.com/SDR/hpPublicKey2048_key1.pub | apt-key add -
curl https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -
curl https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key2.pub | apt-key add -
Verify an rpm package signature
# rpm --checksig hpacucli-9.40-12.0.x86_64.rpm
hpacucli-9.40-12.0.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
Verify an apt archive
Debs are differnt from rpms in that they are not directly signed. Instead, the apt index, which contains package checksums, is signed and verified. If "apt-get update" completes without a GPG error, your keys were installed correctly.
Use "apt-key list" to confirm your HPE public keys are enrolled:
# apt-key list
pub 4096R/74C3A4A2 2024-09-05 [expires: 2034-09-05]
uid Hewlett Packard Enterprise Company 2024-10-1 <signhp@hpe.com>
pub 2048R/26C2B797 2015-12-10 [expires: 2025-12-07]
uid Hewlett Packard Enterprise Company RSA-2048-25 <signhp@hpe.com>
pub 2048R/B1275EA3 2014-11-19 [expires: 2024-11-16]
uid Hewlett-Packard Company RSA (HP Codesigning Service) - 1