If you would like to contact the information security department at Teradata, please email information.security@teradata.com and someone will respond to you.
Product Signing Keys
Below you will find the keys we use to sign our software packages. The relevant public keys are included in the respective products. You can verify the packages manually using the keys on this page.
RPM Signing Keys
Here you will find the necessary information to validate the authenticity of Teradata RPMs. To manually validate Teradata RPMs, you will first have to import the public key and then you can validate using the rpm command.
Verifying RPMs
1. Download the Teradata GPG public key:
$ curl -o TD-RPM-SIGN-KEY.asc https://www.teradata.com/Security-Information/TD-RPM-SIGN-KEY.asc
2. Import the Teradata signing public key:
# rpm --import /path/to/TD-RPM-SIGN-KEY.asc
3. Validate the authenticity of an RPM:
$ rpm --checksig -v <filename>.rpm
The output of this command shows whether the package is signed and which key was used to sign it, for example:
$ rpm --checksig -v <filename>.rpm
<filename>.rpm:
Header V4 RSA/SHA256 Signature, key ID 4b121135: OK
Header SHA1 digest: OK
V4 RSA/SHA256 Signature, key ID 4b121135: OK
MD5 digest: OK.
Release Package Signing
Please do not use package-signing keys to encrypt email messages.
rsa2048/ACB29BA74B121135 2020-07-22: Teradata, Inc. security@teradata.com
This key is used for signing all Teradata RPM packages.
- Location (SLES12+): /etc/pki/teradata/TD-RPM-SIGN-KEY
- Download: Teradata
- Download: pgp.mit.edu
- Fingerprint: 45922D0BAA052775B98AB786ACB29BA74B12113535
dsa1024/ABFE51F56259D34A 2016-12-22 TTU-Client-Signing-Key (TTU-Client Official Signing Key) ttuclientinstall@teradata.com
This key is used for signing Teradata TTU RPM packages release before 09-01-2020.
- Download: Teradata
- Fingerprint: 897F279028274CC9BA021085ABFE51F56259D34A