Skip to main content

Verifying OpenVPN Source Packages with GnuPG

Abstract

All current OpenVPN (OSS) source packages and Windows installers have been signed with the security mailing list GPG key. Learn more about OSS GPG keys here.

All official OpenVPN Community Edition source packages and Windows installers are signed using our Security mailing list GPG key.

GPG key fingerprint

F554 A368 7412 CFFE BDEF E0A3 12F5 F7B4 2F2B 01E7

Download the public key

To import the OpenVPN security key into your trusted keyring:

wget -O security-openvpn-net.asc https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7
gpg --import security-openvpn-net.asc

Verify the file signature

  1. Download the .asc signature file and the corresponding OpenVPN installer or source package.

  2. Run the verification using GnuPG:

    gpg [filename].asc

    Important

    Ensure the signed file (e.g., .tar.gz or .exe) is in the same file directory.

If verification succeeds, you'll see output similar to:

gpg: Good signature from "OpenVPN - Security Mailing List <security@openvpn.net>"