Due to the sensitive nature of security information, Apple provides a method for you to:
- Verify the authenticity of security notifications
- Encrypt messages to send to Apple via product-security@apple.com
1. Obtain PGP
You can obtain a commercial or free trial version of PGP Desktop from PGP Corporation. Additionally, GnuPG is available as freeware.
2. Apple Product Security key
This is our PGP key which is valid until August 13, 2020.
Key ID: EDF2D0CD
Key Type: RSA
Expires: 8/13/20
Key Size: 4096/4096
Fingerprint: 3391 5A68 5463 C30F 4426 0BD1 073E 2E19 EDF2 D0CD
UserID: Apple Product Security <product-security@apple.com>
-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBF1Ueq0BEAC4GgN2hZoaXNCxgfWcHZEhqRqqcfaDinF9zDVCsuAF0BeiHaH2 dldG/VZ8quX+mP4S/9OjMUsD82RCmaAgGGQLyFoS50QHVO41lG1KDZzhRyPRobAJ s9SitUGPsi1j/JcNgaK4t/ekpSlKTy3+T8V4dRrOL0r6BJ8/EW384M9VqlDkhB7j dCX6WuWLYHquTgSgWtPq76bqnOMbrdm77fbDQ2u3Nphxbkw4u3yzAyfnZUs+3HPP j3kr0QEuT6ZonSEXZ2wgBNUF8ADhtuD9AmjF/CtBEogLVoE3dmcSt9HQuoA8AtL9 As1Li+yXY3OrF8Qaawy5NQx5tMwbXw1/q1DjGvYtKQPs1Y61hz+eVlqZYMxze9+f oiZLxjPHQKOpiJ48DoPkQF53iEAyYiWoAeQTqCx7RSITR9uN38Vs53NzND8LpUPB mKcu5bNy40Y1yFd51qP0QnihztasXQUDW/OHQeDSdhoyo90kA0ok190Wcaw7FQTW Is/akwCMpkR3INGXh/gv3iKjHrdLUycv84/FYeLhvkm8qqJ0Gzd20Ie1NC4Bq4qJ 7rMUvrimHzcgqpchk4KDLpsayK3HBUcu7diWalxWIipD1yduFkBMgioQk2+8lVBv nEu1qSeJL//s62gC6FKaxJvEgXXsTj76LUJUVGSw26wWnaFICUK7g9BlhwARAQAB tDNBcHBsZSBQcm9kdWN0IFNlY3VyaXR5IDxwcm9kdWN0LXNlY3VyaXR5QGFwcGxl LmNvbT6JAlQEEwEIAD4WIQQzkVpoVGPDD0QmC9EHPi4Z7fLQzQUCXVR6rQIbAwUJ AeEzgAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAHPi4Z7fLQzTvID/4+MUXA xUqdWxbalQTBaYTLIEoDh2EMoTxbBpfgeMZ5T8wFTq5umbsxm6OPI9Yi0O/avT+K attmjNSxtD+qo/OGwnm4uuYZifgX0MVLTLdzIgB31sexh5LhDj6jInfKCgKDWaYP qNdmsZca9azdvxfajUVBNC0Tr8yjklqKoq0hWnyxvbMv4gkFwWZxv+7P2kB7lgHQ YUDxFlcUr8zxcRPPD1/HeTFqCNkB3xxaU2WkOeGziSw7yw6x+rtlsLWJ65/uYzJY qYHZF3qnnLLCxRVQ/8TR3jgdq8Fa8bpi9Qhleg2pk2Tkouz8Qo2+KC+1/ySDU/SB ctkwFKZ93TW6lO9hhbQL2MBOWptX3WEulPoTZIdXqhp3vcu64Aji+F9VDB0XXhpg cPoqQ+vInR2GLI48pMj24qmOnF+0Up7HPyA5983kelPNgmk234+69pPkAulSVMB2 rkVYONHXxn3Xpt4kx8UmF/GAN0ua69nquRbSO5RPY0znNOh7ZWbB4MQL4Lr++M50 IKAm7HMeZzEFEiyVnq4kYi36dmQNt4MvbDn47koX7PB8SJ/tfWmZBj/OnsPhFD8h YZe8UJlNguRTi7P1LnuMzACG542nN6n8N8aYSzl86j9GOkpQVnjsWbtKS14eiZ67 AwezsVYvWD42BLFdRJ/GPNaNVHXCe6V1Qnbu5rkCDQRdVHqtARAAr0EhrbAMUGiS /0g6mN6yGqufqTUDUxryUibD86lGvhsdPNdsIsP3PBcc8hrkBjh7eiVc9Yy9moTq dNQAAPHRTLnX2dyOTiCGgEhQfzXmitNev8n4MYTzQMJ4QpTeTiQZVZTYUvOr/Sej I4wftfA0r4BK9CEOBmyVhZx8mfjJO2ja5iNSuXWpefIs/o/6aj7xlmgCeMuHqEl+ XTALn+SIQh6UoE40VAsNjc5XrecQCS++QIwlmCCBMOcmotAPQf0EMSAiJL9BAWE/ tyGAc6DPUYQCyS+Yx/2NSlsES1QNHw8Ytfw+e+JpFbTbWSGlJgqFITvgVK3l/JaM 88pArvU8EIdkSTRhnVX4EpABMIb/P6RuLnZLCL2pixeht9wNfRMqfxp7noOf/GkY ofpCZAzfDG14Vhty98si+qD2w11s5erh1sheiSsOdV1TKe1kvgA2ZI7KEQAPIQgu fc/14ehFNF+qf37iCHIpfEneHzY5n94d3J3dGvpF2/hzPIodFUWUvIb8hZcemWhW 16QW4+EZFT3aHlRHd2eIPNqG4qMlLA9/wCmlu+W2MVZWZc1ManfoCDX3gm0Kk4dG xX1OauIt1iB4vqrsq1MvpdwqJp7BNNbrhEboB8VBRINSTxJ8t0V3KczMusLKVY8W K6jyMUAi28OXLmvgofDwNHDZb7tpTLkAEQEAAYkCPAQYAQgAJhYhBDORWmhUY8MP RCYL0Qc+Lhnt8tDNBQJdVHqtAhsMBQkB4TOAAAoJEAc+Lhnt8tDNjkoP/2ZHKkg+ +TmWLaE2KsX29YokkPaJklILUZcBSRDb05UIyMsX+MCB0LSn5arc3m9AGXSzzLKO 49WgDcXV0w7Wc7JPCxZ1kTwaBaxfPUdIdCB6TGFAFrdr6xW/MzMTAP+N/x+XH54m jw6g9nbBh221z29yrjymHffqVB1mC/T8F92dYwl1F7N/i9MUmeYS7RDUfQgSH9tP TScedXMWz/5Nh2h0QM+90F/Jv3lCw7k3obUZNm4ctao7CFkIA6v9XaNdMX7mpxOe i7rXCqnrI0WCZyRfc8MoLJ12oyCk6Gtd56Oy0ZQsLqLkxjVgipJBQ3M7w20vzqbF Jqb2BwtzNWM/LjfpVZcAZk0oO5QoosTTOtkrO/yEX/Mk7rOq9CAIbKEj03oAwXaU w9EUnLr4u35weZp0V7ci5neouHBGikG3qygWm2p3LcIv9/b0eARTxMb2AvXhF3iL ZGNQFn1HWTqJ2UR3NGnZD/pUjxiPcPegYKZxJ/DfUVdqpP5Fb5OLC4si0Gvhfsg4 TNw+XolrGHL7E4ELy+GnLvFhiZ99t3JonA6VXH7lx86Evb5wfIGXA0j4FEiAIUQO Ug1XulQc9tLhj4L6DRgu2Bgd2vf/fB/gO/mh5F5p76biEUkjFW/bSWoXl4MN1n+v R5YpHOtFRSQWEIx4dVKlXQaM+R09X4XGMGT+ =hsZs -----END PGP PUBLIC KEY BLOCK-----
The Apple PGP key has an operational life span of one year. When we generate a new key, it will be available from this web page. Our previous PGP keys are archived to facilitate the validation of previously-signed messages.
3. Check our PGP signature on mail messages and documents
Documents developed by the Apple Product Security team are signed with the Apple PGP key. We encourage you to check the signature to ensure that the document was indeed written by our staff and has not been changed.
Note for users of the security-announce mailing list:
Some mail programs cause changes to messages, resulting in an indication that the PGP signature is not good. Critical information will also be posted to our web site along with a PGP signature, providing you with a confirmation of authenticity.
4. Encrypting sensitive information
When sending sensitive security information by email, please encrypt it.