Owner's Manual
Using Dell Update Packages 17
If you do not already have it installed on your system, you must install the
Gnu Privacy Guard (GPG) to verify a Linux DUP digital signature. To use the
standard verification procedure, perform the following steps:
1
Get the Dell Linux public GnuPG key, if you do not already have it.
You can download it by navigating to
lists.us.dell.com
and clicking the
Dell Public GPG key
link.
2
Import the public key to your gpg trust database by running the following
command:
gpg --import <Public Key Filename>
NOTE: You must have your private key to complete the process.
3
To avoid a distrusted-key warning, validate the public key by its fingerprint
before you use it.
a
Type the following command:
gpg --edit-key 23B66A9D
b
Within the GPG key editor, type
fpr
. The following message appears:
pub 1024D/23B66A9D 2001-04-16 Dell, Inc.
(Product Group) <linux-security@dell.com>
Primary key fingerprint: 4172 E2CE 955A 1776
A5E6 1BB7 CA77 951D 23B6 6A9D
If the fingerprint of your imported key is the same as the key owner's,
you have a correct copy of the key. You can verify the key's owner in
person, over the phone, or by any other means that guarantees that
you are communicating with the key's true owner.
c
While still in the key editor, type
sign
.
d
Answer the list of trust-validation questions that appears and create
a passphrase to use as your secret key.
You must import and validate the public key only once.