Protecting Security Information

Due to the sensitive nature of security information, Apple provides a method for you to:

• Verify the authenticity of security notifications
• Encrypt messages to send to Apple via product-security@apple.com

You can obtain a commercial or free trial version of PGP Desktop from PGP Corporation. Additionally, GnuPG is available as freeware.

2. Apple Product Security key

This is our PGP key which is valid until May 15, 2010

Key ID: 0x8A648901
Key Type: RSA
Expires: 5/15/10
Key Size: 2048/2048
Fingerprint: 39EC C76A 3D62 7062 C321 10B2 7928 75E8 8A64 8901
UserID: Apple Product Security

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 9.7.0.1012

mQENBEgoyd8BCADVztyF54QoqSIHwlcS4xjh0M3b2BwhNZfeeH+szSgnAsEB/WXD
xGIcDx9x5dX5WmdrAhGzTzrbr2nLeY5ldMfEMj+L9v6POINFaKFFMhMfIh5F4xDT
Wj2v57JpX/LtGul7rzvBJuKsMQy6EzMwUK4lPf0tp7Us2qga+w7FqLt+yaCgCngR
UsTG8jPW1JCfErQfWYwg8hXVQi9kQ9qWB9IDOb6b/VJrm+eL2h0hh9i8Qbr0cggL
CYPgc580hhNYEFcBkELDgIajMiF64WbBCu6Re7eW3tLTKH/gFBjQg0po6eo38CsM
1cJ20Ki8j41JdGg05BelSc3znHfuHEPtk2YjABEBAAG0M0FwcGxlIFByb2R1Y3Qg
U2VjdXJpdHkgPHByb2R1Y3Qtc2VjdXJpdHlAYXBwbGUuY29tPokBjQQQAQIAdwUC
SCjJ8wUJA8ZbgDAUgAAAAAAgAAdwcmVmZXJyZWQtZW1haWwtZW5jb2RpbmdAcGdw
LmNvbXBncG1pbWUHCwkIBwMCCgIZARkYbGRhcDovL2tleXNlcnZlci5wZ3AuY29t
BRsDAAAAAxYCAQUeAQAAAAQVCAkKAAoJEHkodeiKZIkBP/IIAJQGeYkXyVGQv6cz
Nnmcc9DTomofZGTlh1lIzpfI0Q9fC/yb39Ak4MbPzRQSxpL8DhuTBKKFymi6w3jy
6hibVZQpxPuKiAKDOVrODQZ5A+yzKYQXCLNKwLDYPyIWNdH6QSnb6LNsV2kYCuak
rsgQSPUzHYW8GZ6Lf/p7jatt90AjW6Y1E9tQZos2UyuzgRa3/H4cIw7QlyxBqEKN
Aeh3Ki2uiWXiMpBZRV/mmrPh1pHxCZNwgnMEif9AYWEfhHMp4IpWxmx1Y5zb4Ut6
C4GP6o49+I/jKQbGPnUrt9v11Jw3q7qtn7OFJYDLaOKuDjdUxAsX2U+/aCGitPYK
5WS0/cmJARUDBRBIKMunyACiq7hGnm0BAi7nB/97vikdsaUUlakughB9936ydx2M
yt/pzzHvMFalixy7nPp955M09aDzKL51/oUVEch1oa8pGwT0coA4EKB/1KgLdlW2
3R1/Y2jKNI2d5i3g3SX+1M8ONvNLSBFllNbA8EfaAjEKjtS5qHLPD31sDIyR9XCZ
lL+bWIET28lkux7hLD+bb5zJRJ+tpPpQj5LPgaBAN6VJotIYOsdKAuBM5Iy3t7C2
brupn1ubkUVf9SZ59gsISLgJjwp/lqtow9WMLUs9XMFWlp/o8yarkliVTT8YN6p6
WJCRdHJ8RLGdakEdEodX0bHhlffuDQ46CoJwLyZOqtmVU8AFsAdzWL+mE399uQEN
BEgoyeABCADQSbcg1uQJngtYops0sGgQA5YBASXZ5tOlcFtezve1QTB1x2kRLBJs
v6pcR2g5JG3evpqYCv/CcZKVp4PGC2oOOyVDV5rhIRneCJt+mjVFPAwnf3qk1IDJ
hKPCzp1cRvyD1Jy+43ziKtoR1eUWYMVlB4ZpUV+maSqbFPK2SWYhp3XVpQd0rAKN
jRWs5MdBUMBLNwE9uMWZjXDk1vpwUKcplucdIz2x9vAjHlCwH7bzA0acbxyrOIP7
xNS+RhTw4+wneHCnhKrXFzx1ulmKKeCM2nzRcBK6XQjGpLRn7iI36aLZIkNy0Cj7
/yUosFli/TaCkEpDSfVU2UKYuxwZm5lbABEBAAGJAkcEGAECATEFAkgoyeEFCQPG
W4AFGwwAAADAXSAEGQEIAAYFAkgoyeAACgkQ6qGgRm6t5zGG5Qf/UjH1uYLUhvvK
oO/R5fxtB6Ccvwdu1p/5Bu9Pj7KfR3RPfZUvDApvAuYjAWcZ9UhXtTSb7pmUoksS
oVLcb0lvT1PjWrXi2Xi3bEOFcunqgymCNor9AqgjKf+3bRBm54Tm7uW8EktZk4xX
B0XXe3P8jFkdrkKjtAQYcnypCSkDUnAiwcm3NbRv9tqMiyIp6X7lfuHZ38H6XsbP
jp5eWI4fesq9kcumwNHszmjfthyKrClBCACtqZBMU2ws1cluIzjOA07tGhPaTb4l
crXpkWjQmIXDu6kC0wo5Js2wtLk+UIl8SH2Bt7tenKZPBdlRYCPhws6nc4UGxSz4
vF0gkWBMwwAKCRB5KHXoimSJAf1aCACQKb6IHtEuAS5yGT6rFMI7fQDDaZxFolyP
2oF/h2Y+Q5uBn2eh3o2MzJ6wSAk8CIk4bb0bys4DyzAmUJlmiSgl+HL85urQJf7o
PG5JtXTx5LCNGfJBiKUnLu50ROes0cZtFwd8rhQbGeuHOZQ6MgLQbVShVidrI1GE
wtpLE48BEuzRQGeSXQPJLe3HpdxdF+jVAPvNoDLY1nScT9yR6+kD0v4gZq9IoDwC
DBDti1hpukhEPLrGNGX4vrE0Dvpp0MXtQX3QBYh8eIrst/f/ZwFxzIG8Zia2slHb
oHaPysmoTlQM1gCGkcyEwGlZWpaMpSp37Om7ig14xw68vdKXVUkz
=eeVl
-----END PGP PUBLIC KEY BLOCK-----

The Apple PGP key has an operational life span of two years. When we generate a new key, it will be available from this web page. Our previous PGP keys are archived to facilitate the validation of previously-signed messages.

3. Check our PGP signature on mail messages and documents
Documents developed by the Apple Product Security team are signed with the Apple PGP key. We encourage you to check the signature to ensure that the document was indeed written by our staff and has not been changed.

Note for users of the security-announce mailing list:

Some mail programs cause changes to messages, resulting in an indication that the PGP signature is not good. Critical information will also be posted to our web site along with a PGP signature, providing you with a confirmation of authenticity.