Verifying OpenVPN Source Packages with GnuPG
Abstract
All current OpenVPN (OSS) source packages and Windows installers have been signed with the security mailing list GPG key. Learn more about OSS GPG keys here.
All official OpenVPN Community Edition source packages and Windows installers are signed using our Security mailing list GPG key.
GPG key fingerprint
F554 A368 7412 CFFE BDEF E0A3 12F5 F7B4 2F2B 01E7
Download the public key
To import the OpenVPN security key into your trusted keyring:
wget -O security-openvpn-net.asc https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7 gpg --import security-openvpn-net.asc
Verify the file signature
Download the
.asc
signature file and the corresponding OpenVPN installer or source package.Run the verification using GnuPG:
gpg [filename].asc
Important
Ensure the signed file (e.g.,
.tar.gz
or.exe
) is in the same file directory.
If verification succeeds, you'll see output similar to:
gpg: Good signature from "OpenVPN - Security Mailing List <security@openvpn.net>"