RPM-GPG-KEY-amazon-linux-2

I have a requirement to verify the RPM GPG Key fingerprint, but cannot find it anywhere online. I just need something like RedHat provides here -> https://access.redhat.com/security/team/key
Running the command below to obtain the fingerprint from the RPM GPG key. Where is the webpage or resource to verify that "Yes! This is the correct key"?

gpg -q --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-linux-2
pub  4096R/C87F5B1A 2017-06-07 Amazon Linux <amazon-linux@amazon.com>
      Key fingerprint = 99E6 17FE 5DB5 27C0 D8BD  5F8E 11CF 1F95 C87F 5B1A

jhmartin1
10 months ago
Can you provide an example of what what RPM you are trying to verify?
Matt
10 months ago
@jhmartin1 I'm trying to verify the RPM GPG Key itself on Amazon Linux 2 located here -> /etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-linux-2
jhmartin1
10 months ago
I was going to suggest using the web-of-trust starting from the AWS Security PGP key at https://aws.amazon.com/security/aws-pgp-public-key/ , but that key isn't the same aws-security pgp key that signed the RPM key https://pgpkeys.mit.edu/pks/lookup?op=vindex&search=0x11CF1F95C87F5B1A . Unfortunate.

Topics

Compute Security, Identity, & Compliance AWS Well-Architected Framework

Relevant content

I need to find more details of using SES Verified identity wise
Jalendhar
asked 8 months ago
Unable to connect to my EC2 Redhat Linux Instance - Server Key Refused
advaith
asked 3 months ago
I find a bucket without aws region in my s3, but I cannot delete it.
Eddy
asked a year ago
I have created an account and created a bucket but I can't find it.
Annie
asked 3 months ago
Do I need to specify the AWS KMS key when I download a KMS-encrypted object from Amazon S3?
AWS OFFICIALUpdated a year ago
How do I resolve the "Cannot find module" or "Cannot find Package" errors when I run Lambda code in Node.js?
AWS OFFICIALUpdated a year ago
How can I verify signatures generated by AWS KMS asymmetric keys?
AWS OFFICIALUpdated 2 years ago
How do I check EKS Anywhere cluster component logs on primary and worker nodes for BottleRocket, Ubuntu, or Redhat?
AWS OFFICIALUpdated a year ago
How to build a unified authorization layer for identity providers with Amazon Verified Permissions
EXPERT
JohnT
published 16 days ago
A Go novice's experience with Terraform providers
EXPERT
Patrick Kremer
published 5 months ago