Protecting Security Information

Due to the sensitive nature of security information, Apple provides a method for you to:

  • Verify the authenticity of security notifications
  • Encrypt messages to send to Apple via product-security@apple.com

1. Obtain PGP

You can obtain a commercial or free trial version of PGP Desktop from PGP Corporation. Additionally, GnuPG is available as freeware.

2. Apple Product Security key

This is our PGP key, which is valid until May 15, 2012:
Key ID: 0x1D65079E
Key Type: RSA
Expires: 5/15/12
Key Size: 2048/2048
Fingerprint: FD32 51B9 4C0D 16A9 4DB7 99DE 69C5 D89B 1D65 079E
UserID: Apple Product Security

The Apple PGP key has an operational life span of two years. When we generate a new key, it will be available from this web page. Our previous PGP keys are archived to facilitate the validation of previously-signed messages.

3. Check our PGP signature on mail messages and documents

Documents developed by the Apple Product Security team are signed with the Apple PGP key. We encourage you to check the signature to ensure that the document was indeed written by our staff and has not been changed.

Note for users of the security-announce mailing list:
Some mail programs cause changes to messages, resulting in an indication that the PGP signature is not good. Critical information will also be posted to our web site along with a PGP signature, providing you with a confirmation of authenticity.
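
Before relying on a signature, confirm that the key you imported is the one published in section 2. The Python sketch below is an added example, not Apple's code: it parses `gpg --with-colons` key-listing records, compares the full fingerprint (not just the 32-bit Key ID) with the published one, and checks expiry. The sample listings, their timestamps and the look-alike fingerprint are constructed, and it assumes the expiry field is in epoch seconds.

```python
from datetime import datetime, timezone

# Published on this page.
PUBLISHED_FPR = "FD32 51B9 4C0D 16A9 4DB7 99DE 69C5 D89B 1D65 079E"
PUBLISHED_KEY_ID = "0x1D65079E"

def normalize(fpr):
    """Drop spaces and any 0x prefix; uppercase the hex digits."""
    s = fpr.replace(" ", "").upper()
    return s[2:] if s.startswith("0X") else s

def short_id(fpr):
    """32-bit key ID: the last 8 hex digits of the fingerprint."""
    return "0x" + normalize(fpr)[-8:]

def parse_colons(listing):
    """Return (fingerprint, expiry epoch or None) of the first primary key."""
    expires, seen_pub = None, False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and not seen_pub:
            seen_pub = True
            expires = int(f[6]) if f[6] else None  # field 7: expiry
        elif f[0] == "fpr" and seen_pub:
            return f[9], expires                   # field 10: fingerprint
    raise ValueError("no primary key fingerprint found")

def check_key(listing, now):
    """List reasons not to rely on this key; an empty list means it passed."""
    fpr, expires = parse_colons(listing)
    problems = []
    if normalize(fpr) != normalize(PUBLISHED_FPR):
        problems.append("fingerprint mismatch")
    if expires is not None and now >= datetime.fromtimestamp(expires, timezone.utc):
        problems.append("key expired")
    return problems

def sample_listing(fpr, created=1273104106, expires=1337040000):
    """Constructed pub/fpr records (timestamps are sample values)."""
    f = normalize(fpr)
    return (f"pub:-:2048:1:{f[-16:]}:{created}:{expires}::-:::scESC:\n"
            + "fpr" + ":" * 9 + f + ":\n")

# Constructed fingerprint that shares only the short key ID with the real key.
LOOKALIKE_FPR = "0123 4567 89AB CDEF 0123 4567 89AB CDEF 1D65 079E"

if __name__ == "__main__":
    now = datetime(2011, 1, 1, tzinfo=timezone.utc)
    print(check_key(sample_listing(PUBLISHED_FPR), now))
    print(short_id(LOOKALIKE_FPR) == PUBLISHED_KEY_ID)
    print(check_key(sample_listing(LOOKALIKE_FPR), now))
```

A key that matches only on the short Key ID fails the check, and a key past its expiry date is reported even when the fingerprint is correct.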

4. Encrypting sensitive information

When sending sensitive security information by email, please encrypt it.