Verify Slack for Linux (beta) package signatures

Our Slack for Linux (beta) app’s packages are signed with GPG keys to show that they're coming from Slack. Use the signatures to verify the authenticity of our packages.

Note: To download Slack for Linux (beta), visit our Downloads page.


Verify package signatures

To complete these steps, you'll need superuser privileges. 

4.41 and above

4.40 and below

RPM-based distributions

  1. Download Slack's public key:  wget https://slack.com/gpg/slack_pubkey_20240822.gpg
  2. Import Slack’s public key into RPM: 
    sudo rpm --import slack_pubkey_20240822.gpg
  3. Check the package signature:
    rpm --checksig .rpm
    On Red Hat Linux 8 and above, the output should say: 
    .rpm: digests signatures OK

Debian-based distributions

Here's how to verify package signatures using debsig-verify 0.15 (or above), which is in Ubuntu 20.04 (or above).
  1. The Slack for Linux (beta) app is signed using debsigs. You will need to install the program debsig-verify to verify the packages: sudo apt install debsig-verify
  2. Next, download Slack's public key:
    wget https://slack.com/gpg/slack_pubkey_20240822.gpg
  3. Create directories to store debsigs policies and keyrings for Slack’s public key: 
    sudo mkdir -p /usr/share/debsig/keyrings/EF16C3DFD9B018BE sudo mkdir -p /etc/debsig/policies/EF16C3DFD9B018BE
  4. Initialise an empty keyring (the signing key is a GPGv1 key, so you must follow this step to ensure it's imported correctly):
    sudo touch /usr/share/debsig/keyrings/EF16C3DFD9B018BE/debsig.gpg
  5. Import Slack’s public key into the corresponding debsigs keyring:
    sudo gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/EF16C3DFD9B018BE/debsig.gpg --import slack_pubkey_20240822.gpg
  6. Create a new file in your editor of choice:
    /etc/debsig/policies/EF16C3DFD9B018BE/slack.pol
    Then, paste the following:
    <?xml version="1.0"? <!DOCTYPE Policy SYSTEM "https://www.debian.org/debsig/1.0/policy.dtd"> <Policy xmlns="https://www.debian.org/debsig/1.0/"> <Origin Name="Slack" id="EF16C3DFD9B018BE" Description="Slack"/> <Selection>
        <Required Type="origin" File="debsig.gpg"
    id="EF16C3DFD9B018BE"/> </Selection>
      <Verification>
        <Required Type="origin" File="debsig.gpg" id="EF16C3DFD9B018BE"/> </Verification> </Policy>
  7. Save the file, and exit the editor.
  8. Check the package signature:
    debsig-verify .deb
    The output should say: 
    Debsig: Verified package from ‘Slack’ (Slack)

RPM-based distributions

  1. Download Slack's public key:  wget https://slack.com/gpg/slack_pubkey_20230710.gpg
  2. Import Slack’s public key into RPM: 
    sudo rpm --import slack_pubkey_20230710.gpg
  3. Check the package signature:
    rpm --checksig .rpm
    On Red Hat Linux 8 and above, the output should say: 
    .rpm: digests signatures OK

Debian-based distributions

Here's how to verify package signatures using debsig-verify 0.15 (or above), which is in Ubuntu 18.04 (or above).
  1. The Slack for Linux (beta) app is signed using debsigs. You will need to install the program debsig-verify to verify the packages: sudo apt install debsig-verify
  2. Next, download Slack's public key:
    wget https://slack.com/gpg/slack_pubkey_20230710.gpg
  3. Create directories to store debsigs policies and keyrings for Slack’s public key: 
    sudo mkdir -p /usr/share/debsig/keyrings/262281B2DDE0F7A1 sudo mkdir -p /etc/debsig/policies/262281B2DDE0F7A1
  4. Initialise an empty keyring (the signing key is a GPGv1 key, so you must follow this step to ensure that it's imported correctly):
    sudo touch /usr/share/debsig/keyrings/262281B2DDE0F7A1/debsig.gpg
  5. Import Slack’s public key into the corresponding debsigs keyring:
    sudo gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/262281B2DDE0F7A1/debsig.gpg --import slack_pubkey_20230710.gpg
  6. Create a new file in your editor of choice:
    /etc/debsig/policies/262281B2DDE0F7A1/slack.pol
    Then, paste the following:

        id="262281B2DDE0F7A1"/>

     
       
  7. Save the file, and exit the editor.
  8. Check the package signature:
    debsig-verify .deb
    The output should say: 
    Debsig: Verified package from ‘Slack’ (Slack)