Sendmail PGP Signing Keys
All sendmail distributions are signed with a PGP key named "Sendmail Signing Key/YYYY" where YYYY is the year of release. The signature is always made on the decompressed distribution, i.e., after using gunzip or uncompress.
Signing Keys
The signing keys and fingerptins are as follows:
- Sendmail Signing Key/2008
Fingerprint:07 FB 9A F9 F7 94 4B E4 0F 28 D1 8E 23 6F A2 B0 - Sendmail Signing Key/2007
Fingerprint:D9 FD C5 6B EE 1E 7A A8 CE 27 D9 B9 55 8B 56 B6 - Sendmail Signing Key/2006
Fingerprint:E3 F4 97 BC 9F DF 3F 1D 9B 0D DF D5 77 9A C9 79 - Sendmail Signing Key/2005
Fingerprint:4B 38 0E 0B 41 E8 FC 79 E9 7E 82 9B 04 23 EC 8A - Sendmail Signing Key/2004
Fingerprint:46 FE 81 99 48 75 30 B1 3E A9 79 43 BB 78 C1 D4 - Sendmail Signing Key/2003
Fingerprint:C4 73 DF 4A 97 9C 27 A9 EE 4F B2 BD 55 B5 E0 0F - Sendmail Signing Key/2002
Fingerprint:7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45 - Sendmail Signing Key/2001
Fingerprint:59 AF DC 3E A2 7D 29 56 89 FA 25 70 90 0D 7E C1 - Sendmail Signing Key/2000
Fingerprint:81 8C 58 EA 7A 9D 7C 1B 09 78 AC 5E EB 99 08 5D - Sendmail Signing Key/1999
Fingerprint:25 73 4C 8E 94 B1 E8 EA EA 9B A4 D6 00 51 C3 71 - Sendmail Signing Key/1998
Fingerprint:F9 32 40 A1 3B 3A B6 DE B2 98 6A 70 AF 54 9D 26
Use for: 8.9.0 through 8.9.2 - Sendmail Signing Key/1997
Fingerprint:CA AE F2 94 3B 1D 41 3C 94 7B 72 5F AE 0B 6A 11
Use for: 8.8.6 through 8.8.8
Prior to 8.8.6, distributions were signed by Eric Allman. The fingerprint should be:
C0 28 E6 7B 13 5B 29 02 6F 7E 43 3A 48 4F 45 29
If the uncompressed .tar file is not signed by one of these users, you may have a forgery.
