Protecting Security Information

Due to the sensitive nature of security information, Apple provides a method for you to:

  • Verify the authenticity of security notifications
  • Encrypt messages to send to Apple via product-security@apple.com

1. Obtain PGP

You can obtain a commercial or free trial version of PGP Desktop from PGP Corporation. Additionally, GnuPG is available as freeware.

2. Apple Product Security key

This is our PGP key which is valid until May 15, 2018
Key ID: 0x346CB446
Key Type: RSA
Expires: 5/15/18
Key Size: 4096/4096
Fingerprint: 72E5 F8AE DA11 7B85 FADB 25A5 83A3 EF8C 346C B446
UserID: Apple Product Security
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)

mQINBFctAtIBEADf5rX+xJMuOcHWoJZY4RPXGC30kUQi8gpGbXs7Pc8maA1oX7uL
Ju8I+UMhs5CdaciCom8lYplNgH+6XoI3joVIDXjZblktKuUSnRm29GVvGPB/eGIo
em9wISOwh5lBaOd8px/D11MsvHXoIkLkxkqoAElxsdb2GW9OAw1ciVmx0vQaRbSz
fYNm5ZGK3G5GX0VCIc4JJ1ppjIHAkRGTgX+PGwcUUcbTjqjatbIC6alBphvYBxB4
TSRnvvCK9vOcLa/+NQDajTKpHnAyi/tZZTBmD7uc/pl9R/SXBxKoMpQUpTUgg4pK
9m7YRW9tyQ6UeKg1dpHI6gPhhOT6lk6aR6zAEzyPbq03oYEW1uUY2qKrbPB0bpn5
ygHWns3pQ5/T1GCj9gEZvcg0uXxroOJjwG6uzLJW7aVM1m4Q33ehjYUNxdWPpPfm
kNg5UXVuv9LszV6yADoAo/1Hm78m5/E/I7EgHJNefB1cimz1ZRngtjoMCOAFc+8a
g0NnM/e4NcYr6jFREUSt+lxsR146syXe30UlVxcRrAb5X7iXr6gbYy/2r9hRC3Uz
AvTK8h6oSe3nqVXPf8Oc5aJDVdslfdl3FS9r5Z5v66H+ZJHE+hWqRzTR+KynYiZy
pe9L7hIzCM3ymllMGkCeNP/cbTuoOT2XECrRcjStYswSNEX6Z7CqAi4DfQARAQAB
tGlBcHBsZSBQcm9kdWN0IFNlY3VyaXR5IE5vdGlmaWNhdGlvbnMgKGZvciBzZWN1
cml0eSBhZHZpc29yaWVzKSA8cHJvZHVjdC1zZWN1cml0eS1ub3JlcGx5QGxpc3Rz
LmFwcGxlLmNvbT6JAj0EEwEKACcFAlctA0ECGwMFCQPORIAFCwkIBwMFFQoJCAsF
FgIDAQACHgECF4AACgkQg6PvjDRstEZ7ExAAgFVvzm8Jqvu+Snoq5sBAeqlzAuof
5KSDtIFCyZemUdSQLDLHmjGFDUKllMKVta0udFD/+ara/0JqDhP5kv+XI7DGCk96
Zx5OeWs62qju4xxeDIQYQu6OIEnzpNBsskYG/gK1IaVpOjb7w80OK0sv7RBajrd4
Ct8SjHnCo4iqYoBE/fVMgbmZK0ka9pxBPqUm5eCI4W+Gj4jtk0qZd12zlwE5JpA4
dUz21SxdoBEkNlMJ+NL1sB9V1MgDVYRTGzNJjfQBIUmAwAn3fLG4l5LBJZJ+CAP4
MAQLz1BsEh6EvuxcS/e1yiCCHU5uVfj+lel/pSQJtj/Dty6HtVNvV6htwYLlDPED
/xloTEDi0dSAgc59TETfTzL38hu++Y0LqhFiajEsjTPcmdY4fpftybCUDQCPUoRu
y9fpiQEND/SLDlXz0vFE30e8bp2a42S834oARYFtDXB88UpEYMKaD483SSe3kya1
R5g8cQkByKsPDr8dFDAL4UrE/ei6nwot8h5fdxJmaV6KQhGgwfoM4UP8yTjMr88e
XMlTZIivh5TiU3fNEJpI3Z5o5QcsvN5V3Hlv8r44UgTUESEWcTcCryws0GFbl+hS
0GdJsi22LR5rDdIVIW43oonDMFuZ7gH07pFfuJUzRnNh/A1bHbvOfgI+UMB1EmPf
5dp7sz/gMt7TdpO0M0FwcGxlIFByb2R1Y3QgU2VjdXJpdHkgPHByb2R1Y3Qtc2Vj
dXJpdHlAYXBwbGUuY29tPokCQAQTAQoAKgIbAwUJA85EgAULCQgHAwUVCgkICwUW
AgMBAAIeAQIXgAUCVy0DSQIZAQAKCRCDo++MNGy0RnRfD/9uIsuAQcZf3zukJcCs
R34FjUKvCVKRebi4zoD6m0gmoTcTUkpRDJByDuJrvBQ4ak2/P3W6YzRvGN6U0zyP
Qql5V6jaUGcc/RsKTHDgWZeG5v1MwwW6T4fkM5it5Ry9NZc+vgOQSM8/227fZpYR
01X6gkz/YVcCZhoxWSz3PF+xvvIXU6G75iABOPI0ZdHPXgojUmeHB16mF7U6q4Q0
ESHJpIMpKxcS+yceXXlKP2wms2stjYHNxng0Ag8+LbJSoOtWmtEOJKPdwwC0ZXIk
mpdTDvDp3gJ2PwS+Gu9IZRn4BVg1CWuRIAE+Nug7/hRdnkgjM+vUtIn7OkosBYrj
6QUY5qTkghdhkfptqN97raDOsXi94bB3dUtCk/HDD9LB8s6YTz3FSQttxuS6E6BO
mn1No1HaOmYITa6+nsMMKW+rRHxVR2VgPbUEkSz0ixjIjjNRgRD+0QxIkzqsHuyT
FOqk+DvGQL2M/1WrDh6s8nIMBGi0zzqzX4qdjD0Ip/M9sLD6vgnxR+4HjQhT007a
Sfa68pe/a2fYN5TB8gCVtFPwtr1pQN+LezI06hAJHNLjkqNOJ1FhTbg1aVraaOlt
bLv4wiVACUOcU3vQNjGTJTOY49O0RjqNn4nIyHeSbPIj1lFZIqMNxFP1ou8vmoA6
pQs/8wHjzUS4bHP+bXR1YZ3T34kCPQQTAQoAJwUCVy0C0gIbAwUJA85EgAULCQgH
AwUVCgkICwUWAgMBAAIeAQIXgAAKCRCDo++MNGy0RrCyEAC2sgpXufCAKJYk4AGE
EXfC3vdSeY5/iqwYEXHpeVCOXHaTX9wH+09OZX+M9ywY986tT5ZQ6NkC8B3toU6g
f2agnuve92+vQCCOQ14hx6RCCtjs33KLHCR3HIIfcSOEqSVYtur8695ObNdQbwNN
czzK1NzhPfRHaeyazV3xJLw+ptB7H/BnKUqGiC3nhgtiuXCSKKaiQ0Op4vbykUpd
aODgEuBWGh0yBYG3LUu/PjTTv0muRvpfVJNtodQ/avsezAC2/khlmOBU1/mOBdBa
01HfimvrvbS4Z4F+TfEmYJKHKE7L5Kh0nbkr0v60pqEvdAbWjXSMfrofGXH4XiF4
3RqgTKaM5ACk+yY94CQXmx/VYa0qiUKixXP9mfkh+mqyHw9F8gKNifDLrxzyzuUh
tCsM5KqfFi0n4deQP35XLRZrb9izk2bMHiGxHlvZuNQHSgVwQEPYMFyPxko8Nzik
xMCIk+kOjfQwK3FhEPSO5bmzOat+NPfEhuBlHP6Q9VJmh3JxvCcAjX2JaJxVyHX2
8xG4xG2S+hxp9/hTEXoDX18kfgu2YzWqh9loVSQdnqdgFE7pSQ7jDYaneJaeM4d/
pzztKOo4JjgkCEdNN/r/3Z4mMhdcOfE+jlsA7um69oJm9M0oKE3SFLohi/iAQpv4
x2lSBwtis+G6Om/AsNTTf407AbkCDQRXLQLSARAA3ih663i63VSFxy/agw+PwKVa
TXt1uNacbqfP+uj9LU3yV9CwwonF25/TudgiaNqvNRE2J6LU79KBdMzuoQPSYTj3
G9MPKGqqKmm0I2sHFAcxx32j/4KJc/y4rveisdFAHDJzzbq0YgrvBNPKNNlYhs4e
M7hmP7zWJVRz50oI7KL7MckeLNLiBCHkHhk71g2WZ2tueRNUb9lwj/8wXfzhMNTs
AUNDagyk057MImp47ckQih+YQr3AjMNxmlB5iul/fHmFn+Gwu4VKqO4+75kb27Cc
R/wMZOmecm76dQ3UFRXq0PHcliRe7qGEWNZNlcnjQWDJOmP0D09umToz73IVr6ed
IGy4OBCy6JL3QxoVquAzsviqQr4Ou6nPonvRRBcQktTwRDDFEH81WZrjRiORVTrZ
hLAn/saGuAPAFZ+gvQJjO9Uz/5BaR0e8fgDc+Xt0HhxkU6cfynickU8vHB0/7HxV
y8zPC2VmFN7B2pd0kaVA9Mmq+ctFQiFu3RehSgC/EMrDAbWwDY3FaspauqNKxXjq
/EXne8d+t4PVzGMGX2HQFMi26hYNQmthwnAMc6Zw8hJ8tZhtspSFOOo+9TTB/M2p
0ZPQFpWA6hntzZ9OMkqnwj3MxkLopwPcAZABrvyw7h0e92CwqU6WSpKiy3SVme39
ss4COeX12Z8Jpu8OH+cAEQEAAYkCJQQYAQoADwUCVy0C0gIbDAUJA85EgAAKCRCD
o++MNGy0RmR8D/0SzcrM3LCdkOt2+5z4OS+1P/fAbtYwvheiPBujdNc6MhJEs/Xh
TxfGBe0mV9ayVwqfyjmkKyE+3IGLMYypgU31HL50D9oD7mDTyMJ2ZRR37yfyx5lL
03p7GmF9ie6nP8V8Ux+7Oe9OWpeMJrREftwXjiyRTa/oX1KDIy7d+gf7bzoZEiIb
y2YqV9Lv0l5Rrt0H9/1UJcf4YEYrSE02bM00y5m6JCf44qsxfWtJLfh6+hV39tAN
sDcVH6JTuVrvRyX9An7hmrN8qU4Q3OaDelQmyyzSVRtaWHz7qA//5JVcPGbSCVEk
Ym/GaSaQ9FBnzDBuHrXLFl3XX0Tj3AtwmW4ET1V+Z0My5cQ3V7doZi5vsU2XScj/
DDCp2NNvJdt0v1J3qWv8rE50nT0IDHkX2KCYYu2gRqugEMca9UoePFq7n5Vg7j4n
CE1bL5GlGfwOk0vqmFVEIVEnhhh8p5ghJsRcwGYvtvHD8SC4vPilrwrmbFxB+krk
DpukHA/oHDfqtGTb8YBC6FjXm5D3I3sTxx7NqBNPvRDi2Ihko3/NO0z8JxR/LI8e
D9mUbGr5rg7N+D0OxB3nE9t4a6kxm3AArKfCFU69X168KPnCX+zcLQpMa57hvlLd
OfgmPQoRjiM8uLRgMVUp8N99aAYXQJ1PvGqheh/hOqm2wWmLt/hUhvDsEg==
=DO2m
-----END PGP PUBLIC KEY BLOCK-----

The Apple PGP key has an operational life span of two years. When we generate a new key, it will be available from this web page. Our previous PGP keys are archived to facilitate the validation of previously-signed messages.

3. Check our PGP signature on mail messages and documents

Documents developed by the Apple Product Security team are signed with the Apple PGP key. We encourage you to check the signature to ensure that the document was indeed written by our staff and has not been changed.

Note for users of the security-announce mailing list:
Some mail programs cause changes to messages, resulting in an indication that the PGP signature is not good. Critical information will also be posted to our web site along with a PGP signature, providing you with a confirmation of authenticity.

4. Encrypting sensitive information

When sending sensitive security information by email, please encrypt it.