For the protection of our users, Ribose utilizes cryptographic signatures to ensure that emails sent to you can be verified to be authentic.
Ribose utilizes a set of official OpenPGP keys to sign all outgoing emails, with their public keys posted here, to allow you to verify that an email indeed has been sent by the Ribose system and has not been tampered with. We strongly encourage you to utilize software that helps you do this.
Active Ribose OpenPGP keys are used for signing all emails from the Ribose system to users. All such keys are in RSA with a life span limit. All current and previous public keys used are shown on this page.
We encourage you to use email clients that support OpenPGP signatures to confirm the authenticity of email from Ribose. Certain email clients support OpenPGP signatures natively (Enigmail) and some require installation of OpenPGP plugins. While different clients represent verified signatures differently most display a 'check' or 'tick' icon once confirmed as authentic.
Here are some tools that can be used to verify authenticity of the Ribose OpenPGP signature
RNP is a set of OpenPGP tools
Apple Mail with GPG Suite from GPGTools (Apple macOS / OS X)
Other clients are shown on the official GnuPG page. For clients that do not support plugins, you can always check our OpenPGP signature by saving the mail message to a file and verifying it using GnuPG (gpg) manually.
Steps to validate email using OpenPGP
Get a compatible version of OpenPGP software for your operating system.
Get our public key from the list below.
Use OpenPGP software or OpenPGP command line to verify the status of the signature.
These keys are used for signing all emails from the Ribose system to users. Users may note the expiry date.
These keys have been used by Ribose in the past and are shown here for validation of old messages and historic purposes.