Release media signatures

Our current releases are signed with either of these keys or any sub keys:


Key fingerprint Gentoo package Description Created Expiry
13EBBDBEDE7A12775DFDB1BABB572E0E2D182910 sec-keys/openpgp-keys-gentoo-release Gentoo Linux Release Engineering (Automated Weekly Release Key) 2009-08-25 2024-07-01
DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D sec-keys/openpgp-keys-gentoo-release Gentoo ebuild repository signing key (Automated Signing Key) 2011-11-25 2024-07-01
EF9538C9E8E64311A52CDEDFA13D0EF1914E7A72 sec-keys/openpgp-keys-gentoo-release Gentoo repository mirrors (GitHub) (automated git signing key) 2018-05-28 2024-07-01
D99EAC7379A850BCE47DA5F29E6438C817072058 sec-keys/openpgp-keys-gentoo-release Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) 2004-07-20 2024-01-01
ABD00913019D6354BA1D9A132839FE0D796198B1 sec-keys/openpgp-keys-gentoo-auth Gentoo Authority Key L1 2019-04-01 2024-07-01
18F703D702B1B9591373148C55D3238EC050396E sec-keys/openpgp-keys-gentoo-auth Gentoo Authority Key L2 for Services 2019-04-01 2024-07-01
2C13823B8237310FA213034930D132FF0FF50EEB sec-keys/openpgp-keys-gentoo-auth Gentoo Authority Key L2 for Developers 2019-04-01 2024-07-01

Verifying files

To verify downloaded files are not tampered with, the .asc signature file matching the release and the matching key from the table above are needed.

Fetch the key:

gpg --keyserver hkps://keys.gentoo.org --recv-keys <key fingerprint>

Alternatively, fetch a bundle containing all listed keys:

wget -O - https://qa-reports.gentoo.org/output/service-keys.gpg | gpg --import

Alternatively, use the Gentoo sec-keys/openpgp-keys-gentoo-release package:

gpg --import /usr/share/openpgp-keys/gentoo-release.asc

Verify the signature:

gpg --verify <foo.asc>


Detailed instructions are available in the Gentoo Handbook.