I have a requirement to verify the RPM GPG Key fingerprint, but cannot find it anywhere online. I just need something like RedHat provides here -> https://access.redhat.com/security/team/key
Running the command below to obtain the fingerprint from the RPM GPG key. Where is the webpage or resource to verify that "Yes! This is the correct key"?
Can you provide an example of what what RPM you are trying to verify?
@jhmartin1 I'm trying to verify the RPM GPG Key itself on Amazon Linux 2 located here -> /etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-linux-2
I was going to suggest using the web-of-trust starting from the AWS Security PGP key at https://aws.amazon.com/security/aws-pgp-public-key/ , but that key isn't the same aws-security pgp key that signed the RPM key https://pgpkeys.mit.edu/pks/lookup?op=vindex&search=0x11CF1F95C87F5B1A . Unfortunate.