JavaScript is turned off in your web browser. To take full advantage of Ribose features, please enable JavaScript and refresh the page. Ribose > Ribose Usage of OpenPGP

Ribose Usage of OpenPGP


For the protection of our users, Ribose utilizes cryptographic signatures to ensure that emails sent to you can be verified to be authentic.

Ribose utilizes a set of official OpenPGP keys to sign all outgoing emails, with their public keys posted here, to allow you to verify that an email indeed has been sent by the Ribose system and has not been tampered with. We strongly encourage you to utilize software that helps you do this.

Active Ribose OpenPGP keys are used for signing all emails from the Ribose system to users. All such keys are in RSA with a life span limit. All current and previous public keys used are shown on this page.

More information on OpenPGP can be found on Wikipedia’s PGP page and IETF’s RFC4880 page.

Verifying Ribose OpenPGP email signatures

We encourage you to use email clients that support OpenPGP signatures to confirm the authenticity of email from Ribose. Certain email clients support OpenPGP signatures natively (Enigmail) and some require installation of OpenPGP plugins. While different clients represent verified signatures differently most display a 'check' or 'tick' icon once confirmed as authentic.

Here are some tools that can be used to verify authenticity of the Ribose OpenPGP signature

  1. RNP is a set of OpenPGP tools

  2. Thunderbird with Enigmail add-on from The Enigmail Project (cross-platform)

  3. Apple Mail with GPG Suite from GPGTools (Apple macOS / OS X)

  4. Gpg4win and the Outlook Privacy Plugin (Windows)

  5. Other clients are shown on the official GnuPG page. For clients that do not support plugins, you can always check our OpenPGP signature by saving the mail message to a file and verifying it using GnuPG (gpg) manually.

Steps to validate email using OpenPGP

  1. Get a compatible version of OpenPGP software for your operating system.

  2. Get our public key from the list below.

  3. Use OpenPGP software or OpenPGP command line to verify the status of the signature.

Our OpenPGP public keys

These keys are used for signing all emails from the Ribose system to users. Users may note the expiry date.

  • Loading…​

Previously used OpenPGP public keys

These keys have been used by Ribose in the past and are shown here for validation of old messages and historic purposes.

  • Loading…​