You would like to
- verify your downloads from CloudBees to ensure they haven’t been corrupted in transmission or
- to send encrypted email to the CloudBees security team or confirm the validity of a message from them.
- CloudBees Jenkins Enterprise
|9804F850firstname.lastname@example.org||Used to send encrypted email or verify received email - CloudBees Security Team|
|9FF90BDAemail@example.com||Code-signing key - CloudBees Software Products|
$ gpg --recv-keys C493F3199804F850 38E2F5F39FF90BDA gpg: requesting key C493F3199804F850 from hkp server keyserver.ubuntu.com gpg: requesting key 38E2F5F39FF90BDA from hkp server keyserver.ubuntu.com gpg: key C493F3199804F850: "CloudBees Security Team <firstname.lastname@example.org>" not changed gpg: key 38E2F5F39FF90BDA: "CloudBees, Inc. (Code signing) <email@example.com>" not changed gpg: Total number processed: 2 gpg: unchanged: 2
You can use the following command to verify the signatures on your software or messages from our security staff.
E.g. if you were provided with a
jenkins-3.904.1.zip file and a detached signature file
$ gpg --verify jenkins-3.904.1.zip.sig jenkins-3.904.1.zip gpg: Signature made Thu 21 Apr 15:27:18 2016 AEST gpg: using RSA key 38E2F5F39FF90BDA gpg: Good signature from "CloudBees, Inc. (Code signing) <firstname.lastname@example.org>" [ultimate]