JavaScript is turned off in your web browser. To take full advantage of Ribose features, please enable JavaScript and refresh the page.

Ribose Usage of PGP

Introduction

For the protection of our users, Ribose utilizes cryptographic signatures to ensure that emails sent to you can be verified to be authentic.

Ribose utilizes a set of official OpenPGP keys to sign all outgoing emails, with their public keys posted here, to allow you to verify that an email indeed has been sent by the Ribose system and has not been tampered with. We strongly encourage you to utilize software that helps you do this.

Active Ribose PGP keys are used for signing all emails from the Ribose system to users. All such keys are in RSA with a life span limit. All current and previous public keys used are shown on this page.

More information on OpenPGP can be found on Wikipedia's PGP page and IETF's RFC4880 page.

Verifying Ribose PGP email signatures

We encourage you to use email clients that support PGP signatures to confirm the authenticity of email from Ribose. Certain email clients support PGP signatures natively (Enigmail) and some require installation of PGP plugins. While different clients represent verified signatures differently most display a 'check' or 'tick' icon once confirmed as authentic.

Here are some tools that can be used to verify authenticity of the Ribose PGP signature

  1. Thunderbird with Enigmail add-on from The Enigmail Project (cross-platform)
  2. Apple Mail with GPG Suite from GPGTools (Apple macOS / OS X)
  3. Gpg4win and the Outlook Privacy Plugin (Windows)
  4. Other clients are shown on the official GnuPG page. For clients that do not support plugins, you can always check our PGP signature by saving the mail message to a file and verifying it using GnuPG (gpg) manually.

Steps to validate email using PGP

  1. Get a compatible version of PGP software for your operating system.
  2. Get our public key from the list below.
  3. Use PGP software or PGP command line to verify the status of the signature.

Our PGP public keys

These keys are used for signing all emails from the Ribose system to users. Users may note the expiry date.

    Previously used PGP public keys

    These keys have been used by Ribose in the past and are shown here for validation of old messages and historic purposes.

      Get Started

      Getting Started