How do I verify my downloads from CloudBees?


You would like to

  • verify your downloads from CloudBees to ensure they haven’t been corrupted in transmission or
    maliciously compromised.
  • to send encrypted email to the CloudBees security team or confirm the validity of a message from them.


  • CloudBees Jenkins Enterprise


Well Known CloudBees GPG Keys

9804F850 Used to send encrypted email or verify received email - CloudBees Security Team
9FF90BDA Code-signing key - CloudBees Software Products

Import GPG Keys

$ gpg --recv-keys C493F3199804F850 38E2F5F39FF90BDA
gpg: requesting key C493F3199804F850 from hkp server
gpg: requesting key 38E2F5F39FF90BDA from hkp server
gpg: key C493F3199804F850: "CloudBees Security Team <>" not changed
gpg: key 38E2F5F39FF90BDA: "CloudBees, Inc. (Code signing) <>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2

Verify Signatures

You can use the following command to verify the signatures on your software or messages from our security staff.

E.g. if you were provided with a file and a detached signature file

$ gpg --verify
gpg: Signature made Thu 21 Apr 15:27:18 2016 AEST
gpg:                using RSA key 38E2F5F39FF90BDA
gpg: Good signature from "CloudBees, Inc. (Code signing) <>" [ultimate]

Have more questions?


Please sign in to leave a comment.