Protecting Security Information

^_.

Due to the sensitive nature of security information, Apple provides a method for you to:

Verify the authenticity of security notifications
Encrypt messages to send to Apple via product-security@apple.com

1. Obtain PGP

You can obtain a commercial or free trial version of PGP Desktop from PGP Corporation. Additionally, GnuPG is available as freeware.

2. Apple Product Security key

This is our PGP key which is valid until August 13, 2020.
Key ID: EDF2D0CD
Key Type: RSA
Expires: 8/13/20
Key Size: 4096/4096
Fingerprint: 3391 5A68 5463 C30F 4426 0BD1 073E 2E19 EDF2 D0CD
UserID: Apple Product Security <product-security@apple.com>

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF1Ueq0BEAC4GgN2hZoaXNCxgfWcHZEhqRqqcfaDinF9zDVCsuAF0BeiHaH2
dldG/VZ8quX+mP4S/9OjMUsD82RCmaAgGGQLyFoS50QHVO41lG1KDZzhRyPRobAJ
s9SitUGPsi1j/JcNgaK4t/ekpSlKTy3+T8V4dRrOL0r6BJ8/EW384M9VqlDkhB7j
dCX6WuWLYHquTgSgWtPq76bqnOMbrdm77fbDQ2u3Nphxbkw4u3yzAyfnZUs+3HPP
j3kr0QEuT6ZonSEXZ2wgBNUF8ADhtuD9AmjF/CtBEogLVoE3dmcSt9HQuoA8AtL9
As1Li+yXY3OrF8Qaawy5NQx5tMwbXw1/q1DjGvYtKQPs1Y61hz+eVlqZYMxze9+f
oiZLxjPHQKOpiJ48DoPkQF53iEAyYiWoAeQTqCx7RSITR9uN38Vs53NzND8LpUPB
mKcu5bNy40Y1yFd51qP0QnihztasXQUDW/OHQeDSdhoyo90kA0ok190Wcaw7FQTW
Is/akwCMpkR3INGXh/gv3iKjHrdLUycv84/FYeLhvkm8qqJ0Gzd20Ie1NC4Bq4qJ
7rMUvrimHzcgqpchk4KDLpsayK3HBUcu7diWalxWIipD1yduFkBMgioQk2+8lVBv
nEu1qSeJL//s62gC6FKaxJvEgXXsTj76LUJUVGSw26wWnaFICUK7g9BlhwARAQAB
tDNBcHBsZSBQcm9kdWN0IFNlY3VyaXR5IDxwcm9kdWN0LXNlY3VyaXR5QGFwcGxl
LmNvbT6JAlQEEwEIAD4WIQQzkVpoVGPDD0QmC9EHPi4Z7fLQzQUCXVR6rQIbAwUJ
AeEzgAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAHPi4Z7fLQzTvID/4+MUXA
xUqdWxbalQTBaYTLIEoDh2EMoTxbBpfgeMZ5T8wFTq5umbsxm6OPI9Yi0O/avT+K
attmjNSxtD+qo/OGwnm4uuYZifgX0MVLTLdzIgB31sexh5LhDj6jInfKCgKDWaYP
qNdmsZca9azdvxfajUVBNC0Tr8yjklqKoq0hWnyxvbMv4gkFwWZxv+7P2kB7lgHQ
YUDxFlcUr8zxcRPPD1/HeTFqCNkB3xxaU2WkOeGziSw7yw6x+rtlsLWJ65/uYzJY
qYHZF3qnnLLCxRVQ/8TR3jgdq8Fa8bpi9Qhleg2pk2Tkouz8Qo2+KC+1/ySDU/SB
ctkwFKZ93TW6lO9hhbQL2MBOWptX3WEulPoTZIdXqhp3vcu64Aji+F9VDB0XXhpg
cPoqQ+vInR2GLI48pMj24qmOnF+0Up7HPyA5983kelPNgmk234+69pPkAulSVMB2
rkVYONHXxn3Xpt4kx8UmF/GAN0ua69nquRbSO5RPY0znNOh7ZWbB4MQL4Lr++M50
IKAm7HMeZzEFEiyVnq4kYi36dmQNt4MvbDn47koX7PB8SJ/tfWmZBj/OnsPhFD8h
YZe8UJlNguRTi7P1LnuMzACG542nN6n8N8aYSzl86j9GOkpQVnjsWbtKS14eiZ67
AwezsVYvWD42BLFdRJ/GPNaNVHXCe6V1Qnbu5rkCDQRdVHqtARAAr0EhrbAMUGiS
/0g6mN6yGqufqTUDUxryUibD86lGvhsdPNdsIsP3PBcc8hrkBjh7eiVc9Yy9moTq
dNQAAPHRTLnX2dyOTiCGgEhQfzXmitNev8n4MYTzQMJ4QpTeTiQZVZTYUvOr/Sej
I4wftfA0r4BK9CEOBmyVhZx8mfjJO2ja5iNSuXWpefIs/o/6aj7xlmgCeMuHqEl+
XTALn+SIQh6UoE40VAsNjc5XrecQCS++QIwlmCCBMOcmotAPQf0EMSAiJL9BAWE/
tyGAc6DPUYQCyS+Yx/2NSlsES1QNHw8Ytfw+e+JpFbTbWSGlJgqFITvgVK3l/JaM
88pArvU8EIdkSTRhnVX4EpABMIb/P6RuLnZLCL2pixeht9wNfRMqfxp7noOf/GkY
ofpCZAzfDG14Vhty98si+qD2w11s5erh1sheiSsOdV1TKe1kvgA2ZI7KEQAPIQgu
fc/14ehFNF+qf37iCHIpfEneHzY5n94d3J3dGvpF2/hzPIodFUWUvIb8hZcemWhW
16QW4+EZFT3aHlRHd2eIPNqG4qMlLA9/wCmlu+W2MVZWZc1ManfoCDX3gm0Kk4dG
xX1OauIt1iB4vqrsq1MvpdwqJp7BNNbrhEboB8VBRINSTxJ8t0V3KczMusLKVY8W
K6jyMUAi28OXLmvgofDwNHDZb7tpTLkAEQEAAYkCPAQYAQgAJhYhBDORWmhUY8MP
RCYL0Qc+Lhnt8tDNBQJdVHqtAhsMBQkB4TOAAAoJEAc+Lhnt8tDNjkoP/2ZHKkg+
+TmWLaE2KsX29YokkPaJklILUZcBSRDb05UIyMsX+MCB0LSn5arc3m9AGXSzzLKO
49WgDcXV0w7Wc7JPCxZ1kTwaBaxfPUdIdCB6TGFAFrdr6xW/MzMTAP+N/x+XH54m
jw6g9nbBh221z29yrjymHffqVB1mC/T8F92dYwl1F7N/i9MUmeYS7RDUfQgSH9tP
TScedXMWz/5Nh2h0QM+90F/Jv3lCw7k3obUZNm4ctao7CFkIA6v9XaNdMX7mpxOe
i7rXCqnrI0WCZyRfc8MoLJ12oyCk6Gtd56Oy0ZQsLqLkxjVgipJBQ3M7w20vzqbF
Jqb2BwtzNWM/LjfpVZcAZk0oO5QoosTTOtkrO/yEX/Mk7rOq9CAIbKEj03oAwXaU
w9EUnLr4u35weZp0V7ci5neouHBGikG3qygWm2p3LcIv9/b0eARTxMb2AvXhF3iL
ZGNQFn1HWTqJ2UR3NGnZD/pUjxiPcPegYKZxJ/DfUVdqpP5Fb5OLC4si0Gvhfsg4
TNw+XolrGHL7E4ELy+GnLvFhiZ99t3JonA6VXH7lx86Evb5wfIGXA0j4FEiAIUQO
Ug1XulQc9tLhj4L6DRgu2Bgd2vf/fB/gO/mh5F5p76biEUkjFW/bSWoXl4MN1n+v
R5YpHOtFRSQWEIx4dVKlXQaM+R09X4XGMGT+
=hsZs

-----END PGP PUBLIC KEY BLOCK-----

The Apple PGP key has an operational life span of one year. When we generate a new key, it will be available from this web page. Our previous PGP keys are archived to facilitate the validation of previously-signed messages.

3. Check our PGP signature on mail messages and documents

Documents developed by the Apple Product Security team are signed with the Apple PGP key. We encourage you to check the signature to ensure that the document was indeed written by our staff and has not been changed.

Note for users of the security-announce mailing list:
Some mail programs cause changes to messages, resulting in an indication that the PGP signature is not good. Critical information will also be posted to our web site along with a PGP signature, providing you with a confirmation of authenticity.

4. Encrypting sensitive information

When sending sensitive security information by email, please encrypt it.

Published Date: September 03, 2019

Helpful?

Start a Discussion

in Apple Support Communities

See all questions on this article