GPG

YUM GPG keys

NOTE: If you installed crowdsec/crowdsec with our Bash script, Chef cookbook, or Puppet module the GPG key is automatically installed. There is nothing additional you need to do.

GPG signature info

crowdsec/crowdsec has its YUM metadata signed with crowdsec-crowdsec-9EB2753BF09DFB77.pub.gpg.

Important notes

There are two types of GPG keyrings used on RPM-based systems:

  1. RPM's GPG keyring. This keyring is used for verifying signatures on RPM packages.
  2. YUM's GPG keyring. This keyring is used for verifying signatures on repository metadata. There is one keyring per repository on the system.

The YUM GPG keyring (number 2 above) is the keyring that the information on this page refers to.

Import GPG key for crowdsec/crowdsec

To import a GPG key to verify YUM metadata, you must create a repo config with the GPG key URL. This is done automatically with all of our install methods.

If you'd like to do this manually for crowdsec/crowdsec, follow the instructions on the manual install page.

Remove GPG key for crowdsec/crowdsec

Unfortunately GPG key removal is not particularly user friendly.

  1. Check your /etc/yum.conf file and note the value of persistdir. If persistdir is not set, you can assume it is /var/lib/yum.
  2. Determine which CPU architecture the repo has been installed for: i386 for 32-bit systems and x86_64 for 64-bit systems.
  3. Determine the version number of the CentOS or Red Hat you are running (5, 6, or 7).
  4. Replace x86_64 and 7 in the following command with your CPU architecture and CentOS or Red Hat version:
    gpg --homedir /var/lib/yum/repos/x86_64/7/crowdsec_crowdsec/gpgdir --delete-key 9EB2753BF09DFB77

APT GPG keys

NOTE: If you installed crowdsec/crowdsec with our Bash script, Chef cookbook, or Puppet module the GPG key is automatically installed. There is nothing additional you need to do.

GPG signature info

crowdsec/crowdsec has its APT metadata signed with crowdsec-crowdsec-9EB2753BF09DFB77.pub.gpg.

Import GPG key for crowdsec/crowdsec

  1. Ensure you have curl installed:
    sudo apt-get install curl
  2. Ensure you have GPG installed:
    sudo apt-get install gnupg
  3. Add the GPG key. The output redirection writes under /etc/apt, so run these commands from a root shell.

    For versions equivalent to or later than Debian/Raspbian Stretch, Ubuntu Xenial, Linux Mint Sarah, Elementary OS Loki:

    curl -fsSL https://packagecloud.io/crowdsec/crowdsec/gpgkey | gpg --dearmor > /etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg

    For versions equivalent to or older than Debian/Raspbian Jessie, Ubuntu Wily, Linux Mint Rosa, Elementary OS Freya:

    curl -fsSL https://packagecloud.io/crowdsec/crowdsec/gpgkey | gpg --dearmor > /etc/apt/trusted.gpg.d/crowdsec_crowdsec.gpg

  4. For versions equivalent to or later than Debian/Raspbian Stretch, Ubuntu Xenial, Linux Mint Sarah, Elementary OS Loki, specify the GPG key in the /etc/apt/sources.list.d entry, as below. Older versions do not require the signed-by option.
        deb [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/<os> <version> main
        deb-src [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/<os> <version> main
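
A check to run after the import steps above, as an added example that is not part of the original page or of packagecloud's or CrowdSec's tooling: it confirms that the keyring file named in signed-by holds exactly one primary key and that it is the key ID this page lists for repository metadata. The script name and the sample listings are constructed; the key ID and keyring path come from the page.

```shell
#!/bin/sh
# Added example (not from packagecloud or CrowdSec): check that a keyring file
# used with signed-by holds only the repository key named on this page.

EXPECTED_KEY_ID="9EB2753BF09DFB77"   # metadata signing key ID from the page

# Print the long key ID of each primary key in `gpg --with-colons` output (stdin).
# In that format a "pub" record carries the 16-hex-digit key ID in field 5.
primary_key_ids() {
  awk -F: '$1 == "pub" { print toupper($5) }'
}

# Succeed only when stdin lists exactly one primary key and it is the one wanted.
# Any extra primary key in the file would also be trusted through signed-by.
keyring_matches() {
  awk -F: -v want="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
    $1 == "pub" { n++; if (toupper($5) == want) hit++ }
    END { if (n == 1 && hit == 1) exit 0; exit 1 }
  '
}

# Constructed sample listings (fingerprint, uid and timestamps are made up).
SAMPLE_GOOD='pub:-:4096:1:9EB2753BF09DFB77:1600000000:::-:::scESC::::::23::0:
fpr:::::::::0000000000000000000000009EB2753BF09DFB77:
uid:-::::1600000000::0000::Constructed Sample Key::::::::::0:'
SAMPLE_EXTRA="$SAMPLE_GOOD
pub:-:4096:1:AAAAAAAAAAAAAAAA:1600000000:::-:::scESC::::::23::0:"

# Usage (hypothetical file name): sh check-keyring.sh <path to keyring file>
if [ "$#" -gt 0 ]; then
  listing=$(gpg --show-keys --with-colons "$1")
  if printf '%s\n' "$listing" | keyring_matches "$EXPECTED_KEY_ID"; then
    echo "OK: $1 contains only $EXPECTED_KEY_ID"
  else
    echo "MISMATCH: primary keys found in $1:" >&2
    printf '%s\n' "$listing" | primary_key_ids >&2
    exit 1
  fi
fi
```

Run it against /etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg; a non-zero exit means the file is missing, unreadable, or contains keys other than the expected one.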

Remove GPG key for crowdsec/crowdsec

For GPG keys stored in /etc/apt/keyrings:

  1. Remove the GPG key:
    sudo rm /etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg

For GPG keys stored in /etc/apt/trusted.gpg.d:

  1. Remove the GPG key:
    sudo apt-key remove 9EB2753BF09DFB77
  2. You will see the output "OK" when complete. You can verify the key has been removed by running:
    sudo apt-key list

List all GPG keys known to APT

  1. List all GPG keys known to APT:
    apt-key list

Package signing keys

GPG key name                                  Key ID
crowdsec-crowdsec-EDE2C695EC9A5A5C.pub.gpg    EDE2C695EC9A5A5C
crowdsec-crowdsec-C822EDD6B39954A1.pub.gpg    C822EDD6B39954A1
crowdsec-crowdsec-FED78314A2468CCF.pub.gpg    FED78314A2468CCF