Signing Keys - Support

The SUSE Linux Enterprise product repositories are signed by GPG keys, ensuring the integrity of our software delivered from our systems to our customer systems.

The keys themselves are directly on the DVD/CD media e.g. in /content.key files, in the "suse-build-key" package, or in the "repodata/repomd.xml.key" files in the update repositories.

They keys can also be found on the common GPG keyservers.

Package and repository signing key for SUSE Linux Enterprise 15 based products

Mid of 2023 we will change the GPG signing key for the SUSE Linux Enterprise 15 products, and products based on those (SUSE Enterprise Storage, SUSE Manager, SUSE CaaSP) to the following RSA 4096 bit key. Note that only RPMs and repositories updated via Service Pack or Updates will change their signature. GA repositories and product media from older service packs before the key switchover will stay signed by the old key.

pub   rsa4096/0xF74F09BC3FA1D6CE 2023-01-19 [SC] [expires: 2027-01-18]
      Key fingerprint = 7F00 9157 B127 B994 D5CF  BE76 F74F 09BC 3FA1 D6CE
uid                             SUSE Package Signing Key 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.15 (GNU/Linux)

mQINBGPJSBwBEAC+sp2UJHVei0aAkvnEeeuRrIbzyWotRYuDgdWzS4V01alxFl97
ZPA6syyyZpITGP6fLP0AG0KipXABcYdaF7iFGKnhm6v5ExQ+Aft9SNaJmGqxwPng
2jHGoaovbcOrvpix1INwPlxyxAaKfCtdH6kE9ZBzZXKHhDwTuBAyIJmvz5P4djxs
RFxryZ2wq2IbhT/eu5b+3QRdeOHhbP/K2ZA+jd4Ct6uSyEAV0n9D5rVrtKhYqzp7
zXPYntFW9IgEC/HisQ3TcDhKqK0xfxsQAYjsrvrbhc2O1sHWfhDEqV7W8yPrEbH2
NTWmQxiSf4ZEJsKOZa6TI4fOS89OPRRIC0Ec+mFWHHSfhGaiK0g59TSuBECke7jV
hgwLKa0WGzxhYaZ/dPxjke9MfHPIlCrwfH4tKsEY5Cy+GQWwt8s7J9lK1gEGz0c2
nLA4PBDCPqKB/+GEHkF+hyN1GHlhoY78mJ+c/QHyTv/DYOvS3jr5RaJYwKkBHS+0
5pBUGW6PANT6yoDGOGLaq7hJLdeAwW+qLSfFSxBOnjBrtBV4Pqj1kbzCKFBGgazF
UPhWOSRms8erkr4ltGtUPDJxna16uoTZaYkjn7fZ/3iTqVgnSC/sOJM9KpA1kFrg
5R1OdTzymu7OwH7cmPSn0Yyg1BlU3K8EYFRFfhKptcNzuwERIAdcY39QnQARAQAB
tChTVVNFIFBhY2thZ2UgU2lnbmluZyBLZXkgPGJ1aWxkQHN1c2UuZGU+iQI+BBMB
AgAoBQJjyUgcAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD3
Twm8P6HWzozMD/9xq1D3I+YWyrKJJRhyX8O1x3oYwayo1Si8VaqHUHMx5vL4VGub
cCGieg6+9cwbGVVqh4f0wozrrllTgwXuepzivvwlQnZ/cfdjYwV961MTl2/+0JD3
Hv39ef78DSU7iq8Pa22MPbXiliRvm3YJEsBnPRxDnGdGKDvLXlwugmHwHQXUTUvm
XpipD19xgJ+FUKxbsHudiFBHAfvzmvckn2wsz6pIasAH8PoWFyyoYbGbffDBx17v
YHhkZODadeD9N5lyo/mNkjFjTgHSTDYuhsor2AkSe4ptyY6EWONGg8ezqLLqJgWj
KcI3o0dOf1dpIIubkbrnshul/tT5DHQrKqqPDu6zuloKOSdKBWwh2zDPGYVGmii6
E/YKw8+lgTBs4Xuz4IxPhD/mSjLrADjuObhZhwQuM71SkQlScX4NhEeWoWfBg1k2
2V7zU6lGodEx5QtmeMe3yhMsTUBn9ls9VR+Zr6N1rhcubDwDu5JLbbUyNBOiqDc9
yQbIOD9bBG+XTxzs2VsAFkKWuW8opSJIDQ1LDg9pKF10IjrSyb+ln4OuRwQK5LHy
mGllHiz1Feivf6//Tb63qgd3k8HtwdjeK5YuXM1LwnisIhfZuhKWm2gdzKCvdGsn
Y0bH1r5E/rCFhRii/iyCxZN/2KIg/dHo8BXoh5zvzJ1XZ/bgiDnWSkQvdA==
=umXA
-----END PGP PUBLIC KEY BLOCK-----

Reserve package and repository signing key for SUSE Linux Enterprise 15 based products

In case of a disaster recovery event where the previous SUSE key would be lost or compromised, we also provide a reserve or backup key for RPM and repository signing.

pub   rsa4096/0xA1BFC02BD588DC46 2023-01-19 [SC] [expires: 2033-01-16]
      Key fingerprint = B56E 5601 41D8 F654 2DFF  3BF9 A1BF C02B D588 DC46
uid                             SUSE Package Signing Key (reserve key) 
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGPJOdsBEADHSc5hN8dltyP/10MmbsgMJJyCqXpnLEkg7Mpzh/v7lRaw3GoR
q9J+VISzR8wHPq3vCuTTxJEl4zaMOlaqRDp7cNkJAcUKTS0VH3SCpef/936j98Ad
EtIfB1XXuUl+Lo/5f29UOuhDDtjUgx/wrEmXfgXvRi/4HZVPxepaQIIqas3avI9r
kuvCc1neCNtWr0OCIBH9eIXZaeAwjoEMitGZZJcd9kyVezfTztpLNe4YJ5U8NBul
KclsNfxfemie7Y5U18RCkmo+1CJSGUO49l8QNHM8Cz5H9BQMwRpdTxWra9ARFSF9
I3Jtj/LesXZgxBs3YbrlYUEr11rLqi2Tq96VhxUrHGc95Kr4PBQIq00s5MR03Akh
HNKxrLFWOhZOJKwEaaKKlL50LBFEZxLceoRxIoJvCURmWG7A800PfXfMyl8qevg1
e0bTdY9MLZxfQgq0Q8K0tuAj7ZUe/rgySwNZKyLWDIhZfGynKdkwDoNDF5tZ8VvC
3aeovgSBiotnHu7CmqyOXNJyrWbkUL92Piww7Xw3x7ouopXQtXLH8v5U07zW9T0L
b+OWbljluvizIV+6BFMcGT88TDqyF5eiDyS11HI2B7RMSvcABpmgxsl8NNaxTJua
8yWP1Mc5F/QkQU9wqNMeI0zR0SfO4F42FhIrD1psMEL6uHBEkKD6zrZN4wARAQAB
tDZTVVNFIFBhY2thZ2UgU2lnbmluZyBLZXkgKHJlc2VydmUga2V5KSA8YnVpbGRA
c3VzZS5kZT6JAlQEEwEIAD4WIQS1blYBQdj2VC3/O/mhv8Ar1YjcRgUCY8k52wIb
AwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRChv8Ar1YjcRuH2EACV
7tSymShwSRFRDGOap1zsjy9yqU2TXtlWi0YXZUoUPj2TnEBH9IC2toEHu3+IVPMW
jsSe+4xaiBFXhTVmW4Y7/66zxwZKOkwTRV8yUgwuRlAuC3s57xR8X2nCng9xchan
IQ+h2KWzmc+Gs1tX+fUtoP27UT3SfYJYStXndaxmEIsUbVQlTDr8A4sweM1iZx65
jhu872OlgaYpO6QhDRl7UJjZAtQc+PfxdEYFq2tucKRJu0CHivQJN7/Gj4kQl55h
yAlGIJ0Lb+njzUUXlaMPdyKm+4yiFH5j4fHuG8lfrFIqmF4RIAeYWIH5RRzyAqOj
uLz0ZYnWl49++q6OAN1gHcFl+fC42D+zvpfx3gkNGG/RDgIdpkAPbeA+jIG16ns8
wrO0ygNO6Nrr88KTRHmJpHX+CF6Lb6eYAhItRIQflH4tiNadc4Zib0hbdq/eTnB7
o34MSOKOpOtijTmo5VJLJAe50jAUu+xagH9npjf30fKyf7Vh0wwlSXJLmd6YinkJ
IMzePT2d3YuIS8CcpXs3HewAGuaDux/gvN4FSBc4Hnu+Dh6BIbNHb/1kS1Dxm3Q5
d4wYKnJZXGczheIqBM3GhlOmzgy6/l/9QShOD5OmNz6u+DkbobLg+Vi/wT2lpYTT
oTPpgdsFl/g0pEYgwo1+V58asIEF2lx+EpXTjZtGtA==
=Tc4W
-----END PGP PUBLIC KEY BLOCK-----

For SUSE Linux Enterprise 12 and SUSE Linux Enterprise 15 and products based on those (SUSE Enterprise Storage, SUSE OpenStack Cloud, SUSE Manager, SUSE CaaSP) we use this key:

pub   2048R/0x70AF9E8139DB7C82 2013-01-31 [expires: 2024-09-20]
      Key fingerprint =  FEAB 5025 39D8 46DB 2C09 61CA 70AF 9E81 39DB 7C82
uid                             SuSE Package Signing Key 


-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp
YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY
91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma
hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9
vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8
L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT
aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JATwEEwECACYCGwMGCwkIBwMCBBUC
CAMEFgIDAQIeAQIXgAUCX2himwUJFeKaMAAKCRBwr56BOdt8glQcCACXQAkHKf0y
7EPlayuX/EHc8sro4IAJDZqQFiPaJh8F+5HWD36+iw3D/HlOlzbd2y9oVqtbVDZV
amOJ0KV+l2oxPbMVg32plYGXLlXh1Gwp7/lLWieceXVzf3AbleejgXfafUyiCuvj
VaQyPNcGlEXIjiwi3qulw0+2rYAiUAf6KEq4wM9a/KLTLMhvxi2NigC+MiIbZtmt
HlpFhMkp+Bdpdcqtz6cAucE3dSpVQcvkfNLOkZgrtkZfzkNBPaWnyZLtWdSrQah2
vdIQX+RvMYVAQP4x+aL44ALlhnyeUST0wIX4AH82ifSnpvz/rEb1kpERj3XhwW+N
NPBstHtGpA+l
=cJ/8
-----END PGP PUBLIC KEY BLOCK-----

For SUSE Linux Enterprise 11 and products using SUSE Linux Enterprise 11 we use the following GPG key:

pub   rsa1024/0xE3A5C360307E3D54 2006-03-21 [SC] [expires: 2022-03-14]
      Key fingerprint = 4E98 E675 19D9 8DC7 362A  5990 E3A5 C360 307E 3D54
uid                             SuSE Package Signing Key 

-----BEGIN PGP PUBLIC KEY BLOCK-----

mIsERCAdXQEEAL7MrBTz+3SBWpCm2ae2yaDqV3ezQcs2JlvqidJVhsZqQe9/jkxi
KTEQW5+TXF/+BlQSiebunRI7oo3+9U8GyRCgs1sf+yRQWMLzZqRaarzRhw9w+Ihl
edtqYl6/U2JZCb8Adp6d7RzlRliJdJ/VtsfXj2ef7Dwu7elOVSsmaBdtAAYptChT
dVNFIFBhY2thZ2UgU2lnbmluZyBLZXkgPGJ1aWxkQHN1c2UuZGU+iLgEEwECACIC
GwMECwcDAgMVAgMDFgIBAh4BAheABQJaqpClBQkeD0FIAAoJEOOlw2Awfj1UeSEE
AItAomled1lY+qcJXOKjNA6NKFBwbnRC6IZ8jMIBmq6MO9KK4lkbEiFdRB98klJ0
kofFjO0DryFyfvHEBYPwko2HPpVHp3QKMjwhvayUIAaCZg8eRq/7nE2KNlkHBHmg
raADZbBA/ktXY3qt1yTePb8Sw29/mN3/hrfEdjCs6Cgy
=blUq
-----END PGP PUBLIC KEY BLOCK-----

SUSE Liberty Linux 7, 8 and 9

For our SUSE Liberty Linux offerings, we use the following signing key.

pub   rsa4096 2022-05-30 [SC] [expires: 2032-05-27]
      F8CD9BBD5C9614F95CA85788177086FAB0F9C64F
uid           SUSE Liberty Package Signing Key (v2) 
sub   rsa4096 2022-05-30 [E] [expires: 2032-05-27]

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGKUlvEBEACw6ug98PMuaJc7V9FZpPN0Va8/06UE8AMgGdtR4NDiLrGopSNA
PS+i7eaHYOmSMqsmbjrHgWp69pdXR+A33eDzBQPKIgKl9TFEvdH8n7Qp2jekjcpY
NCis/tWimwfkYROFJOZR4h17hZtjg69Be98CuFSC9eY0cAU4j7CYNgsySLEjKYBB
coO/+jgVlGciW+kXKgerTBjyLsrg2vmxMEpz6XejjwCVX87xs/MEETbJDBzvgLEF
//BoZmGMKk9M0BwJS/auDCRKkICj3qKSOGOMxxCmE2jf9OjkSZ2+H1n+qCjx3be1
iSjcK+KHKMhez0MXKvl8CAOidWZxO+4KfAqZ7jDMYVJpaviipgpFOfn9iyL7K1NV
uyopRKARfgBvQ6vPro/RxhvGk1U0jNv0LQI507fx1fYHJZ7HbkLdkNVAKr1PH7gY
xDkclus0z5mpD5xErMbzjT8lJyGFLgcaIqHuS2wUAdtc9FspK3ILjO2dhm8v7ZOn
P7vlZUnz6cgrmxIgJCmxxEgyHWQskEwQ/UPkMJ+3YsY0oBagPNPsHJ+Aj1ka/w/U
5rjm0ghnqpHI7QSNx5DMacsrlQNnDFOOOsGTzAwonuSCRX6N96kpY9xHxehX+6R+
Pouo/tHjHdzeHjU/bqx+FY7EJ3BEKew7VgvRwqfBe7vZ0uL9dqPMJbL7pQARAQAB
tEVTVVNFIExpYmVydHkgUGFja2FnZSBTaWduaW5nIEtleSAodjIpIDxzdXNlLWxp
YmVydHktYnVpbGQtdjJAc3VzZS5kZT6JAlQEEwEIAD4WIQT4zZu9XJYU+VyoV4gX
cIb6sPnGTwUCYpSW8QIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAK
CRAXcIb6sPnGT0TaD/9k+OkMSypTKHgsbwp0zTxKuamroq8Xc4t1ngr4ePbMKjdC
lgEdzayLdHD/z2iHE4SWkZaxIFhpgaOLTYH4tYzeYI1dprX196EL0ZJSedyhbRTa
J6Ql5htNhBXIU8FhYdDqzx/We2SJ1TNx4ccS8D+00pxi+bda9Es6D4+YrP7zEy47
dhSBdX07fTDXfkIDUw1anneciP4OUfCMqGrY9O3Z+fQ2dvUy5upI1z5/fdsp/Vjd
HgBgHy45pYLTStFdDPnizvBc4vWh1w5PtOxwtBKld8Hhw+E8/DIg5VYf2SVMPgNd
KQgOFY5/DQs0Fp83uhQRw7lBx0l4eackqyC2g6jgs3AyspNuV9FPebQZkIeoEZb2
ivzjnTZZ7CDUxyAAsZ5mZCc6rD9soWC5f6Bagoy2AV5qx6OFZfZ+K6WQq5KSGCSP
zUZTtu5UvKNNcOsexBYIKqac/si7f5bQB3JkghZt6p7rUWw1VnwdDDSXCRqkhcVC
Dg8V+Qg703+o8ivwJzBhoJiEog08cOs4lQT7hD+3DMsMRmeeR14UxWHOcLf3y/Dd
EQwclRMvNtYdoKD+3Hjgy2tcRZLds4Xsu7M+eVS3YT34YSlAVr3j8mDS5CmyxaAJ
RluF4a1yd7EeXNpxUnA396hxU190KGN9umn9rXvaOvHA5QmHyfi1YfhZshoCO7kC
DQRilJbxARAA70mR8MBjhod96tTrag6wBZynQwFZ1roXaeOhD+zPd3+Ye2R0dRdw
1Ht+HEaIt5VjTNu9NglEJvebbXEHG71qSmjRdqb0gRf1ftbJRkzp0qPPV8NLUuKs
PW22q255o8tmNPX5PJ3/rnxn3JUEah+iB1uhgOtsl0drQqkmgRUl7OvbaL1yVwJc
weKvL2G6W/ZtosDY3/7cfwZ21twxs1c8tcyBD6+66/WQvE2gK+9m9rcWZ3n1Losg
dePG5IjLElMXSiEC4wsgK1bNBgI+Hbpc0bifxOBmG0Iu0pIfYFvIDOcSgygX5gn/
zPZ9kzYnZgWQ6PNGuoo4OqX9cFod5Em8xs+zw2J88Hz8szu82WqLrc9W9iXmbqnB
VPsha7anQBDtCzH+yw6j/deqcK57G5YXWkZVfoTTp5ZUhbKSTLBeHwzS4FfgQoWg
wrIU5Yatwioi+10wKY5pxHFMTRJI+HMC7oCe0l0M6RqBQIvFDNnayGNRG+mK98OR
JCFu0bLz3O8knHifl2jkDHiVVJqsS32JiiSj9lMP5ZAGxRr6hEd2+x5/WvX+77Ej
xyUol4p4WcQPzIvOfxNyye/XDiVEPzLw5HhIQlTeoReYhtUDiAdr+U5QkuSQIcvn
Ct/QJzr2BW4wu8F4HBz+7ahXeC+A0RukEIcFXv01kXP7Qltyrb6P/vMAEQEAAYkC
PAQYAQgAJhYhBPjNm71clhT5XKhXiBdwhvqw+cZPBQJilJbxAhsMBQkSzAMAAAoJ
EBdwhvqw+cZPNygP/2WHiZe19Qgifwt0ecHkq6DkM+W5O+QKUhYEq+bvTg7xvQeQ
lqwtrBMIfWVEpgZWtu1iXkqJj2JVPJ7Kobr9Z8EKC//n801D84LywUi3N+jnAxLy
BZunu4D4NNkNeL7vd4CfjnuhE5unU2nxXyx9aewWqPPQGavi5hjrqc/+igQLq4rw
tFSVK0YrZN2k5jffwNDuhu4IlCt6CcmLBFSqSVRJK/AtS3fyXzs2/IabwfAhaOIi
dGnSy3KCiPQi8jXBqREHQaTyV2z+ZQTvCxkQmN13CLJT1IbFYfUsH9+o6IMv6oAn
a4E4QFsDyTX7v2heEraoXUXP9BZzWGOS0MuoBTrC0kJdzIphzasL/NfRQ+W+95Y5
jgv3g3qANOBZcUSY3unROU7YD9RHS06OkfVFW3KIXZT/ib00KYxSdN/m5IXtMu5d
pHlrLKOPpI0T7rq9Zj5+L80XrUkXeivTFIqTtVOQWabzVFkVM5R8NAshyjaKDyru
f0f3nwN5qqIThlLGCe7z6pfAVlDsgbYw13pHeTX51a2oPh0gCE1NvNvrpRAX5Yrj
CtpyjUrxtYhLOzxzYIBizjrQyeIqjLh9a77hWAS9z8Z7bpk9Rgk8cUCayCk6GnLi
2CM/t176P2KvNqHXmmYJ2JN1gGFw2pzBjqHT3vt6Nwf4kFJCZfqM4CL3dM0v
=jZR7
-----END PGP PUBLIC KEY BLOCK-----

SUSE Secure Boot Signing Certificate Authority (2048 bit RSA)

This contains the CA the signs our secure boot signing keys. The CA is embedded in the x86 shim bootloader for verification.

SUSE Secure Boot Signing Key (2023) (2048 bit RSA)

This key is the secure boot signing key SUSE uses since March 2023, which signs the x86, IBM zSeries and IBM Power secure boot chains, from bootloader shim and grub2 to the Linux Kernel, XEN Hypervisor and Linux kernel modules. For IBM z16 and newer this is the key that needs to be installed via the HMC. SUSE has historically rotated signing keys once a year on surfacing of secure boot security issues and forecasts this to repeat on a yearly basis.

SUSE Secure Boot Signing Key (2022) (2048 bit RSA)

This key is the secure boot signing key SUSE uses since 2022, which signs the x86, IBM zSeries and IBM Power secure boot chains, from bootloader shim and grub2 to the Linux Kernel, XEN Hypervisor and Linux kernel modules. For IBM z16 and newer this is the key that needs to be installed via the HMC. SUSE has historically rotated signing keys once a year on surfacing of secure boot security issues and forecasts this to repeat on a yearly basis.

SUSE Secure Boot Signing Key for SLE Micro 6.0, SLES 16 and newer products (2024) (2048 bit RSA)

This key is the secure boot signing key SUSE uses for its new products SUSE Linux Enterprise Micro 6.0 and later products, and the to be released SUSE Linux Enterprise 16, which signs the x86, IBM zSeries and IBM Power secure boot chains, from bootloader shim and grub2 to the Linux Kernel, XEN Hypervisor and Linux kernel modules. For IBM z16 and newer this is the key that needs to be installed via the HMC. SUSE has historically rotated signing keys once a year on surfacing of secure boot security issues and forecasts this to repeat on a yearly basis. Note this key is not replacing the existing key for SUSE Linux Enterprise 15 / SUSE Linux Enterprise Micro 5.x.

SUSE Container signing key (RSA 2048 bit)

This key is used to sign our containers on https://registry.suse.com/ when using Notary v1 or sigstore / cosign style signing.

SUSE Container signing key 2024 and later (RSA 4096 bit)