Our Slack for Linux (beta) app’s packages are signed with GPG keys to show that they're coming from Slack. Use the signatures to verify the authenticity of our packages.
To complete these steps, you'll need superuser privileges.
4.47 and above
4.46 and below
RPM-based distributions
Download Slack's public key: wget https://slack.com/gpg/slack_pubkey_20251016.gpg
Import Slack’s public key into RPM: sudo rpm --import slack_pubkey_20251016.gpg
Check the package signature: rpm --checksig .rpm On Red Hat Linux 8 and above, the output should say: .rpm: digests signatures OK
Debian-based distributions
Here's how to verify package signatures using debsig-verify 0.15 (or above), which is in Ubuntu 20.04 (or above).
The Slack for Linux (beta) app is signed using debsigs. You will need to install the program debsig-verify to verify the packages: sudo apt install debsig-verify
Next, download Slack's public key: wget https://slack.com/gpg/slack_pubkey_20251016.gpg
Create directories to store debsigs policies and keyrings for Slack’s public key: sudo mkdir -p /usr/share/debsig/keyrings/F3DDF3571F28FFDE sudo mkdir -p /etc/debsig/policies/F3DDF3571F28FFDE
Initialise an empty keyring (the signing key is a GPGv1 key, so you must follow this step to ensure that it's imported correctly): sudo touch /usr/share/debsig/keyrings/F3DDF3571F28FFDE/debsig.gpg
Import Slack’s public key into the corresponding debsigs keyring: sudo gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/F3DDF3571F28FFDE/debsig.gpg --import slack_pubkey_20251016.gpg
Create a new file in your editor of choice: /etc/debsig/policies/F3DDF3571F28FFDE/slack.pol Then, paste the following: id="F3DDF3571F28FFDE"/>
Save the file, and exit the editor.
Check the package signature: debsig-verify .deb The output should say: Debsig: Verified package from ‘Slack’ (Slack)
RPM-based distributions
Download Slack's public key: wget https://slack.com/gpg/slack_pubkey_20240822.gpg
Import Slack’s public key into RPM: sudo rpm --import slack_pubkey_20240822.gpg
Check the package signature: rpm --checksig .rpm On Red Hat Linux 8 and above, the output should say: .rpm: digests signatures OK
Debian-based distributions
Here's how to verify package signatures using debsig-verify 0.15 (or above), which is in Ubuntu 20.04 (or above).
The Slack for Linux (beta) app is signed using debsigs. You will need to install the program debsig-verify to verify the packages: sudo apt install debsig-verify
Next, download Slack's public key: wget https://slack.com/gpg/slack_pubkey_20240822.gpg
Create directories to store debsigs policies and keyrings for Slack’s public key: sudo mkdir -p /usr/share/debsig/keyrings/EF16C3DFD9B018BE sudo mkdir -p /etc/debsig/policies/EF16C3DFD9B018BE
Initialise an empty keyring (the signing key is a GPGv1 key, so you must follow this step to ensure it's imported correctly): sudo touch /usr/share/debsig/keyrings/EF16C3DFD9B018BE/debsig.gpg
Import Slack’s public key into the corresponding debsigs keyring: sudo gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/EF16C3DFD9B018BE/debsig.gpg --import slack_pubkey_20240822.gpg
Create a new file in your editor of choice: /etc/debsig/policies/EF16C3DFD9B018BE/slack.pol Then, paste the following: id="EF16C3DFD9B018BE"/>
Save the file, and exit the editor.
Check the package signature: debsig-verify .deb The output should say: Debsig: Verified package from ‘Slack’ (Slack)
