Verify Slack for Linux (beta) package signatures

Our Slack for Linux (beta) app’s packages are signed with GPG keys to show that they're coming from Slack. Use the signatures to verify the authenticity of our packages.

Note: To download Slack for Linux (beta), visit our Downloads page.


Verify package signatures

To complete these steps, you'll need superuser privileges. 

Version 4.22 and above

Version 4.21 and below

RPM-based distributions

  1. Download Slack's public key:  wget https://slack.com/gpg/slack_pubkey_20210901.gpg
  2. Import Slack’s public key into RPM: 
    sudo rpm --import slack_pubkey_20210901.gpg
  3. Check the package signature:
    rpm --checksig <Your downloaded RPM Slack package>.rpm
    On Red Hat Linux 7, the output should say: 
    <Your downloaded RPM Slack package>.rpm: rsa sha1 (md5) pgp md5 OK On Red Hat Linux 8 and above or Fedora, the output should say: 
    <Your downloaded RPM Slack package>.rpm: digests signatures OK

Debian-based distributions

Here's how to verify package signatures using debsig-verify 0.15 (or above), which is in Ubuntu 18.04 (or above).
  1. The Slack for Linux (beta) app is signed using debsigs. You will need to install the program debsig-verify to verify the packages: sudo apt install debsig-verify
  2. Next, download Slack's public key:
    wget https://slack.com/gpg/slack_pubkey_20210901.gpg
  3. Create directories to store debsigs policies and keyrings for Slack’s public key: 
    sudo mkdir -p /usr/share/debsig/keyrings/C13BC8A2F6C6FFD4 sudo mkdir -p /etc/debsig/policies/C13BC8A2F6C6FFD4
  4. Initialize an empty keyring (the signing key is a GPGv1 key, so you must follow this step to ensure it's imported correctly):
    sudo touch /usr/share/debsig/keyrings/C13BC8A2F6C6FFD4/debsig.gpg
  5. Import Slack’s public key into the corresponding debsigs keyring:
    sudo gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/C13BC8A2F6C6FFD4/debsig.gpg --import slack_pubkey_20210901.gpg
  6. Create a new file in your editor of choice:
    /etc/debsig/policies/C13BC8A2F6C6FFD4/slack.pol
    Then, paste the following:
    <?xml version="1.0"?>
    <!DOCTYPE Policy SYSTEM "https://www.debian.org/debsig/1.0/policy.dtd">
    <Policy xmlns="https://www.debian.org/debsig/1.0/">
    <Origin Name="Slack" id="C13BC8A2F6C6FFD4" Description="Slack"/>
    <Selection>
    <Required Type="origin" File="debsig.gpg" id="C13BC8A2F6C6FFD4"/>
    </Selection>
    <Verification>
    <Required Type="origin" File="debsig.gpg" id="C13BC8A2F6C6FFD4"/>
    </Verification>
    </Policy>
  7. Save the file, and exit the editor.
  8. Check the package signature:
    debsig-verify <Your downloaded Debian package>.deb
    The output should say: 
    Debsig: Verified package from ‘Slack’ (Slack)

RPM-based distributions

  1. Download Slack's public key:  wget https://slack.com/gpg/slack_pubkey_2019.gpg
  2. Import Slack’s public key into RPM: 
    sudo rpm --import slack_pubkey_2019.gpg
  3. Check the package signature:
    rpm --checksig slack-2.8.0-0.1.fc21.x86_64.rpm
    The output should say: 
    slack-2.8.0-0.1.fc21.x86_64.rpm: rsa sha1 (md5) pgp md5 OK

Debian-based distributions

Here's how to verify package signatures using debsig-verify 0.15 (or above), which is in Ubuntu 18.04 (or above).
  1. The Slack for Linux (beta) app is signed using debsigs. You will need to install the program debsig-verify to verify the packages: sudo apt install debsig-verify
  2. Next, download Slack's public key:
    wget https://slack.com/gpg/slack_pubkey_2019.gpg
  3. Create directories to store debsigs policies and keyrings for Slack’s public key: 
    sudo mkdir -p /usr/share/debsig/keyrings/F18462078E6C9578
    sudo mkdir -p /etc/debsig/policies/F18462078E6C9578
  4. Initialize an empty keyring (the signing key is a GPGv1 key, so you must follow this step to ensure it's imported correctly):
    sudo touch /usr/share/debsig/keyrings/F18462078E6C9578/debsig.gpg
  5. Import Slack’s public key into the corresponding debsigs keyring:
    sudo gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/F18462078E6C9578/debsig.gpg --import slack_pubkey_2019.gpg
  6. Create a new file in your editor of choice:
    /etc/debsig/policies/F18462078E6C9578/slack.pol
    Then, paste the following:
    <?xml version="1.0"?>
    <!DOCTYPE Policy SYSTEM "https://www.debian.org/debsig/1.0/policy.dtd">
    <Policy xmlns="https://www.debian.org/debsig/1.0/">
    <Origin Name="Slack" id="F18462078E6C9578" Description="Slack"/>
    <Selection>
    <Required Type="origin" File="debsig.gpg" id="F18462078E6C9578"/>
    </Selection>
    <Verification>
    <Required Type="origin" File="debsig.gpg" id="F18462078E6C9578"/>
    </Verification>
    </Policy>
  7. Save the file, and exit the editor.
  8. Check the package signature:
    debsig-verify slack-desktop-2.8.0-amd64.deb
    The output should say: 
    Debsig: Verified package from ‘Slack’ (Slack)