Fingerprints
OpenSSL releases are signed with PGP/GnuPG keys. You can find the
signatures in separate files in the same location you find the
distributions themselves. The normal file name is the same as the
distribution file, with '.asc' added. For example, the signature for
the distribution of OpenSSL 0.9.7f, openssl-0.9.7f.tar.gz, is found in
the file openssl-0.9.7f.tar.gz.asc.
The following is the list of fingerprints for the keys that are
currently in use (have been used since summer 2004) to sign OpenSSL
distributions:
pub 1024D/F709453B 2003-10-20
Key fingerprint = C4CA B749 C34F 7F4C C04F DAC9 A7AF 9E78 F709 453B
uid Richard Levitte <richard@levitte.org>
uid Richard Levitte <levitte@openssl.org>
uid Richard Levitte <levitte@lp.se>
pub 2048R/F295C759 1998-12-13
Key fingerprint = D0 5D 8C 61 6E 27 E6 60 41 EC B1 B8 D5 7E E5 97
uid Dr S N Henson <shenson@drh-consultancy.demon.co.uk>
pub 1024R/49A563D9 1997-02-24
Key fingerprint = 7B 79 19 FA 71 6B 87 25 0E 77 21 E5 52 D9 83 BF
uid Mark Cox <mjc@redhat.com>
uid Mark Cox <mark@awe.com>
uid Mark Cox <mjc@apache.org>