Google Chrome repository GPG key

Hi!

Install the Chrome browser just now form third party repository. Can I trust this GPG keys? Because I not fully understand how GPG verification works :frowning:

Importing GPG key 0x7FAC5991:
 Userid     : "Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>"
 Fingerprint: 4CCA 1EAF 950C EE4A B839 76DC A040 830F 7FAC 5991
 From       : https://dl.google.com/linux/linux_signing_key.pub
Is this ok [y/N]: y
warning: Certificate A040830F7FAC5991:
  Policy rejects subkey 4F30B6B4C07CB649: Policy rejected asymmetric algorithm
Key imported successfully
Importing GPG key 0xD38B4796:
 Userid     : "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>"
 Fingerprint: EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796
 From       : https://dl.google.com/linux/linux_signing_key.pub
Is this ok [y/N]: y
warning: Certificate 7721F63BD38B4796:
  Subkey 1397BC53640DB551 is expired: The subkey is not live
  Subkey 78BD65473CB3BD13 is expired: The subkey is not live
  Subkey 6494C6D6997C215E is expired: The subkey is not live
Key imported successfully

full terminal output here Untitled - Pastebin Service

Added 3rd-party-software, repo

The output looks correct as it matches the official fingerprints:
Linux Software Repositories – Google

1 Like

I found more info here 2274169 – google-chrome updates fail because rpm does not support updating public keys