Fingerprints

OpenSSL releases are signed with PGP/GnuPG keys.  You can find the
signatures in separate files in the same location you find the
distributions themselves.  The normal file name is the same as the
distribution file, with '.asc' added.  For example, the signature for
the distribution of OpenSSL 0.9.7f, openssl-0.9.7f.tar.gz, is found in
the file openssl-0.9.7f.tar.gz.asc.

The following is the list of fingerprints for the keys that are
currently in use (have been used since summer 2004) to sign OpenSSL
distributions:

pub   1024D/F709453B 2003-10-20
      Key fingerprint = C4CA B749 C34F 7F4C C04F  DAC9 A7AF 9E78 F709 453B
uid                  Richard Levitte <richard@levitte.org>
uid                  Richard Levitte <levitte@openssl.org>
uid                  Richard Levitte <levitte@lp.se>

pub   2048R/F295C759 1998-12-13
      Key fingerprint = D0 5D 8C 61 6E 27 E6 60  41 EC B1 B8 D5 7E E5 97
uid                  Dr S N Henson <shenson@drh-consultancy.demon.co.uk>

pub   1024R/49A563D9 1997-02-24
      Key fingerprint = 7B 79 19 FA 71 6B 87 25  0E 77 21 E5 52 D9 83 BF
uid                  Mark Cox <mjc@redhat.com>
uid                  Mark Cox <mark@awe.com>
uid                  Mark Cox <mjc@apache.org>