Key ID/Type/Fingerprint	Description	Created	Expired
`0xBB572E0E2D182910` (4096-bit RSA) `13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910`	Gentoo Linux Release Engineering (Automated Weekly Release Key)	2009-08-25	2015-08-24
`0xDB6B8C1F96D8BF6D` (4096-bit RSA) `DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D`	Gentoo Portage Snapshot Signing Key (Automated Signing Key)	2011-11-25	2015-11-24
`0x9E6438C817072058` (1024-bit DSA) `D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058`	Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key)	2004-07-20	2016-08-13

Key ID/Type/Fingerprint

Description

Created

Expired

0xBB572E0E2D182910 (4096-bit RSA)
13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910

Gentoo Linux Release Engineering (Automated Weekly Release Key)

2009-08-25

2015-08-24

0xDB6B8C1F96D8BF6D (4096-bit RSA)
DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D

Gentoo Portage Snapshot Signing Key (Automated Signing Key)

2011-11-25

2015-11-24

0x9E6438C817072058 (1024-bit DSA)
D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058

Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key)

2004-07-20

2016-08-13

To verify downloaded files are not tampered with, you need the .DIGESTS file matching your release and the matching key from the table above.

Fetch the key:

gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys <key id>

Verify the DIGESTS file:

gpg --verify <foo.DIGESTS.asc>

Verify the download matches the digests. At least one of the following will exist:

sha512sum -c <foo.DIGESTS.asc>

sha256sum -c <foo.DIGESTS.asc>

sha1sum -c <foo.DIGESTS.asc>

Detailed instructions are available in the Gentoo Handbook.