
GPG signing

GPG keys are different from other private keys because each GPG key includes a master key and associated subkeys. While there are no technical differences between a master key and subkey, the responsibilities of these keys remain separate to enhance security.

We recommend that the master key only be used for creating subkeys and the subkeys be used for signing. In the event that a subkey is compromised, this will allow you to revoke and replace the affected subkey, while the master key and uncompromised subkeys remain secure. The identity of the key is associated with the master key; therefore, if the master key is compromised, the identity of the master key and all associated subkeys are compromised and must be revoked and replaced.
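One way to check a keyring against this recommendation is to audit the machine-readable listing from `gpg --list-keys --with-colons`. The following is an added example, not code from this documentation: the function name `audit_keys` and the sample listing are constructed for illustration, and it assumes gpg's colon format, where field 2 is validity, field 5 is the key ID, and the lowercase letters in field 12 are a key's own usage flags (gpg calls the master key the primary key).

```python
# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
SAMPLE = """\
pub:u:255:22:1111111111111111:1700000000:::u:::cSC:::::ed25519:::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:u::::1700000000::0000000000000000::Release Signing <release@example.com>::::::::::0:
sub:u:255:22:2222222222222222:1700000000:1731536000:::::s:::::ed25519::
sub:r:255:22:3333333333333333:1690000000::::::s:::::ed25519::
pub:u:255:22:4444444444444444:1700000000:::u:::scSC:::::ed25519:::0:
uid:u::::1700000000::0000000000000000::Build Host <build@example.com>::::::::::0:
"""

STATE = {"r": "revoked", "e": "expired"}


def audit_keys(colon_output):
    """Return {master_key_id: [findings]} for each public key in the listing."""
    report, usable_signers, current = {}, {}, None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue  # skip fpr/uid/other records
        validity, keyid = f[1], f[4]
        # Lowercase letters are this key's own usage; uppercase on a pub
        # record summarise the whole key and are ignored here.
        caps = {c for c in f[11] if c.islower()}
        if f[0] == "pub":
            current = keyid
            report[current], usable_signers[current] = [], 0
            extra = caps - {"c"}  # master key should only certify
            if extra:
                report[current].append(
                    f"primary key also has usage {sorted(extra)}")
        elif current is not None and "s" in caps:
            if validity in STATE:
                report[current].append(
                    f"subkey {keyid} is {STATE[validity]}")
            else:
                usable_signers[current] += 1
    for keyid, count in usable_signers.items():
        if count == 0:
            report[keyid].append("no usable signing subkey")
    return report


if __name__ == "__main__":
    for keyid, findings in audit_keys(SAMPLE).items():
        print(keyid, findings or "OK")
```

In the sample, the first key keeps its identity after one signing subkey was revoked, while the second key signs directly with the master key and has no subkey to rotate.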

Tip

For more information about GPG keys and how to create them, refer to GPG keys.

Prerequisites

Sign with GPG