Security Keys

Contacting Eucalyptus Systems Securely

The Eucalyptus Security Response Team can use a GNU Privacy Guard (GnuPG or GPG) key to secure communications. Mail sent to can be encrypted with this public key. We expect to change the key we use from time to time. Should we change the key, the previous key will be revoked and the security-announce mailing list will be notified of the change.

15ce00fc: Security Team <>

This key is used for communicating securely with the Eucalyptus Security Response Team and for signing the security advisories posted to mailing lists.

Please do not send messages encrypted with this public key to any address other than We are unable to accept any non-security-related email which is encrypted with this public key.

Software Signing

We use a number of GPG keys to sign our software packages and package repositories. The necessary public keys are provided with the relevant products and can be used to automatically verify software updates. You can also verify the packages or package repositories manually using the keys on this page.

Run the following command to verify a RPM package for a Eucalyptus product:

rpm --checksig -v <filename>.rpm

Follow the procedure detailed on Debian's SecureApt web page to verify a deb package for a Eucalyptus product.

Please do not use package signing keys to encrypt email messages. Refer to Contacting Eucalyptus Systems Securely for secure communication information.

c1240596: Eucalyptus Systems, Inc. (release key) <>

This key is used for signing Eucalyptus products released after July 2011 and their updates.

0260cf4e: Eucalyptus Systems, Inc. (pre-release key) <>

This key is used for signing Eucalyptus pre-release products due for release after July 2011.

9d7b073c: Eucalyptus Systems, Inc. (nightly release key) <>

This key is used for signing nightly builds of Eucalyptus products published after July 2011.