Validate signature for Red Hat agent installer

Overview

This article shows you how to verify the signature of the Red Hat Enterprise Linux (RHEL) agent installer file using Red Hat Package Manager (RPM) and Code42's public GPG key.

Considerations

This article assumes you have basic familiarity with Linux commands and managing RHEL packages.

Before you begin

Download the Linux agent from the Code42 console:

  1. Sign in to the Code42 console.
  2. Navigate to Administration > Agent Management > Downloads.
  3. Click the download icon for the appropriate RHEL package.
  4. Note the saved location and filename of the .rpm package.

Steps

  1. Copy the Code42 public key below and save it as a text file.
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBGFAxEYBCAC0sVyp1v+nl1JRhwqg/AC5IuhWsArvEtOEpAIKHkkBHpG/a85U
CH3l3gZhFGfrxz7sbfQMZLpYkbyTRGIBhH77tkPxVuCo1lDe+89Pb37uJwiIq9iA
UrcGJHP0lbv7IauH17biPFwDl2SCD+ufIqF33b2YSH67aeoPM5zhGc2Hfzgb86WT
R87pjXhjOb5bEUTUdvBalaLUTIyU28BeRCFZNK6TtnKmPM7f/YyhQ1KFy3ULGJUH
313eaR2IusodSEV3+1b41Fsccwt2prEg+g0OTpc5otEjPrskyrmCIgdnVZ497qZE
02L0zgrr6F9uS1+9G/o01RNOhzHtRV8k/V3JABEBAAG0O0NvZGU0MiBTb2Z0d2Fy
ZSBJbmMgKFNpZ25pbmcgS2V5KSA8Y2VydGlmaWNhdGVzQGNvZGU0Mi5jb20+iQFO
BBMBCAA4FiEE+wqhexSuRycDnLHFX9yisutY9dAFAmFAxEYCGwMFCwkIBwIGFQoJ
CAsCBBYCAwECHgECF4AACgkQX9yisutY9dAOcQf+OET0vczKCZHYvvJkuQK4ZYnO
I11ua0SyU3+DrRSNgOeXH/3bv7m6unY50WzC7U9I9kEaGO62DjwsR7EdD52fnguR
cmc5Xxm/yelzWqnE2dI9A8VCWHkvZN+65LVG3BlZWE6/gJl4pSSB5PF0VyWuDPoY
6VUojd4bYtzHJhGlFDgf/6hWwkDkl3Ryajf2A52f8xhPrcv2RKkDWwwelm2SWnkn
HCJnIKcS6OGIn8zVJuJAuDny0aX9KJyct2urr2fpcGMPMwF8HRLjpDcObQZVsI2s
8yeEueKvJAsDxjNU107DWKhEb9wGCXGjSJNl+MdDBF+CCL5WVnSLmAKhcJgkfA==
=iIPD
-----END PGP PUBLIC KEY BLOCK-----
  1. Run this command to import the Code42 public key to your local RPM database. Replace /path/to/key with the path of the key file created above: rpm --import /path/to/key
  2. Run this command to verify the signature of the agent installer package. Replace example.rpm with the filename of the downloaded Code42 agent package: rpm --checksig example.rpm
    A response like md5 ok, digests signatures OK, or digests ok indicates successful verification and that the package has not been corrupted or tampered with.

External resources

Related topics