Using PGP/GPG keys
Widevine requires every device manufacturer to supply a single public PGP/GPG key to be used to secure keybox transfers.
- Only one PGP key is allowed per organization (company).
- The email associated with this PGP key must be from a company email address.
- Widevine will set up this user-provided PGP key during the first time registration of an organization (company).
- All users from the same organization need access to use this PGP key.
- Every user must have the private PGP key and passphrase.
Given the above requirements, our recommendations are:
- To create a group company email address for all users.
- Generate a PGP key pair using the group email address.
- Share the PGP key pair information among all company users.
- Provide this public PGP key to Widevine.
An example shared company email address = widevine-keys@mycompany.com
Requirements
Use the most recent version of GPG at https://gnupg.org/ for generating the PGP key pair.
To create a PGP keypair using the GPG tools, run:
gpg --gen-key
Please choose option 1 - RSA and RSA. Our system ONLY supports RSA.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 8192 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
Once you have created your PGP/GPG keys, please export just the PUBLIC key in ASCII Armor format (please do not send us your secret key).
gpg --armor --export email@domain.com
Again, this email address needs to be your shared company email address and not your individual company email address.
To read more about on PGP/GPG, please refer to the following website - https://www.gnupg.org/gph/en/manual.html
Widevine PGP Key for Device Credentials
All keybox files are PGP-encrypted with your PGP key and Widevine’s PGP key. If required, you may import the Widevine public PGP key below.
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBF87WKgBDAC+eL8zDGGFqM12iNsCvf9Z4se5HGldwVzxb6J6J2MhQLBNfrtx
tpq4Ef1prFvC4N1RL7BgpF9tLLWrrnaMVJcW5RGnhYgo393gxjdA6UBiL0+xdqeh
xKKIcVkB9CpR/J/2pMLdinYGaxZpWbiM4v7xQnSIiGzeCv+RhNlxh7h23kJ4Kst+
nQkaymkUXO241kwc6umyGadczV0Ha+eMgbPEoxubSNqWMFgEPLyJs2hAenIJZFuj
UmIic7ijzAjK9zMfmY71T6ASJYnk7MyCrtLRub8iZkQrURo35bONcxqbIsefzBqI
9iUm6iB0Fwdur8R6SDjDdUfjAsSj6aj04uyzTufvXqxMLPknVSWy9YgBqWUwiwmu
HSDUKnqHfaTN2zTrRaNGzQprXyc35v8K9o8Z3l9mCBbwFTfxMmpexkTQtIY6nP34
GG0DJsJtVlbET3AT+tbM6gcIEsseK8MTx5/LiZ/9dwdGHv2FYcpQ7ive3kwbOdX9
RwooM/HmIYAEbwcAEQEAAbR8V2lkZXZpbmUgS2V5Ym94IFJlcXVlc3RzIChDcmVh
dGVkIGluIDIwMjAgZm9yIHNpZ25pbmcgYW5kIGVuY3J5cHRpbmcgV2lkZXZpbmUg
a2V5Ym94IHJlcXVlc3RzLikgPGtleWJveHJlcXVlc3RAd2lkZXZpbmUuY29tPokB
1AQTAQoAPhYhBLJ39vAG2pIPp7qm8gDljsE/iFMBBQJfO1ioAhsDBQkSzAMABQsJ
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEADljsE/iFMBv4YL/2k4S1u0+KR9RmOG
yt7Tb+49JICBpNnLjDSAdnVNhoAGP3ObWgfAfMlxQ93OrOg4WTz2SUXORfsMWxGC
pyUfBfVErOcJ0uRhPw3Jrj4U30dbLO+sJTBNOjEYdw4C4rFtgw5y02Ghnog54pBZ
PJUhNJAgjbNcORP4ihsYusyTKJFB09pBaC+HIqNzbrVLPnXbwVyYssIyllYDuHTj
5WjtC9XNN++jJNAMYOy3OMVN3heyZfiWP9SBTLVxpd9bygc1VtQHSptQgOdH3Pkz
AuLZO5o3rl0fhAKR5alMMkzM/h7QWnRTmV1s0KjPu22aXD1M3ICw2bN+j15wXJqH
ZnyQlC3a9U0IZ9vWvz1u98SgS1SE0q9Lp5Gb/62KzJMV8LX5CmixUNKj1Y45gqqa
nPXhAkL4bdnn6Cx/Mjo5tI9oG9j7D/Je9oNKGrajkMXJ9Oq0LoZr5UglXUYZ9RNq
cBIBHrj8lK7gmladebzWcL1e0rTeP5r332az/AKmGWNEjAH0jLkBjQRfO1ioAQwA
1ercRLhWjjPtMwAwRTkU+FamVo9T1kK4eVnr+0S6GErk1qk0vKEAverQ18W5aMyQ
iYZGKCSw8EpILGb6JnM9Qs3sZG68g6t+ay5Xfg6wTMWbErcq1DfJ2IqPfeWYwqJ7
iC5Ko89s6UMk02D+P4eBSgZrr0pMyRPvfjPeHZ/f/RuBrmaYHfx5yGgmbqXbAv9z
wzrVeWZWQKHNrRG5SHghPhXUz3xxCAa8skz+HzGO1Nq4FluYNQNe/eU8BR5Asx2Z
iwVZzO33MKGUEIADZhZy4YfrSzRUvme2h/WPbOkeo73+zLQNYcsMSkkhM55kHjmw
aggKpuNSVTDNYPoRMDlju+o5obAa8V9q+eyR/IUF+3yHvBWt2yrhhmrdRJyhfNAC
j1sJa3ZDMYAOyLhkc2bZ6WdlzCRjpoI75zbmE28pFnrfw/mWKyUFZvnjKUZezWes
0jV58/49a07FRTT/x/eGa7ElGIl1sYGM6491IH0EO6jiKFydvPJYXaQYAG7ZqEKP
ABEBAAGJAbwEGAEKACYWIQSyd/bwBtqSD6e6pvIA5Y7BP4hTAQUCXztYqAIbDAUJ
EswDAAAKCRAA5Y7BP4hTAXs4C/9+4ynBg/k7tYBm6plVIHI4jfVZoiPXZf/E5sSm
uUdjDUj3mOvGr5guoDXsAwGUSklCPW3EsF4Fip0kO08GWq74bNlznSDwFO5hi04o
EEI7VJZ56xHh42ZtdOV+qA2tXD2BVBfVPc0Dyi1Wcs689lUIiPWmIau0uKJw9XQ5
ED9jvorO7QHKWcwvMjn/mHJ16Z3Ns/6Cwzqk+Kjx7vSZpmHsR2MmKDF2+MHk8eWF
ADx3fxUS8gJ1Mc0kXhO7kbxKoxJZVQUJ/ATW5oPRpQq7SwOch6AXVixQO8FsaIWp
itDR86hTWzAyNiLsgbGzmDEE8OndMErZehR6VnQ2Au6jiGARC+vB4DEzQYABt4Hc
bfHu9voWyiQrj5jLHT3R0FYT1g0O7KyJNi7pf5LpunwhMb20vkAw98bSdBW6UHK4
aRb9hphnxs2DvyvZ9YMbFXtP/ZWG/Ft+HFvFSJ27l1ut/JkyIlwE6kaLs2OheoQU
DvSyJYGsA/t8lbki1iOgb1TVs5U=
=Nrac
-----END PGP PUBLIC KEY BLOCK-----
Widevine PGP Key for Engineering and Bugs
Use this PGP key to secure information for bug submission or engineering discussions.
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFSI2C0BCADlhrUEuaGNRM84RsnZ4TisfIiZP0tP398PhTnWNZ8eQrNAu++v
b1te5ON7LVv/95yhmRWWq8OyBKQBtU4cRBuQgpTHVimfg3T5wimubA+mTOKyu+g8
0ZVel6LIOte2hU3QM/84HyY2tdLnmWrPs730KcDGdBG9cFF2sYLA0MPuVmuEN1Pr
mFfUbLgSKe1511jCbp9Gqgb0QXkIhUxweE9PiOClq+6sDyMdMMNScjA5QQAHeRGz
C6mcjiIS5C2h0FuVh2d3mwPZH+p90YaNETGluTM/EFObqJjCaPFsuXjYWd+J1dWh
WDwPu5gLChUpJmKJ2e4ns4WM61VqWuAjNF8NABEBAAG0LldpZGV2aW5lIEVuZ2lu
ZWVyaW5nIDx3aWRldmluZS1lbmdAZ29vZ2xlLmNvbT6JATgEEwECACIFAlSI2C0C
GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOTiG5ODxuC/0g8IAM5riWvS
7WaPbqLAaWAnPat+tvOExv3+QWJ5eWPcg5SDgigeikzbl6gSiTmXrLhuV7TrUI5+
3o7EtiM6ChC18liZbAXNPiYiIImWdPsxvr7kxrqrq7OLgpM+rWKMLqUXqQF+9xyG
5pTF2o3AeqUSuXNTmq7w5A4rZiV0mjJxMNE+6VX5cxUQK64ELEHu0OQIAcAYYgms
/FNqQieKhMK2o0s/ClbsgCmw8qIJd6AHUA37S9w8iZQSonBsIYbT2T2BbwEsQP9Q
11KpknDq7KTopfMtYiSq3fKCR8F7h8DMpkblBLfA86wunpWhzGfmX1JyeZqSRUeF
pL8BRq0swmShLWm5AQ0EVIjYLQEIAJ+vOFcc+myw58UNmZXXxANoCEz4sQWHDjiq
HBvgLDmvjS2I9fTAr3BqZS5vkt7TyUcne0VwKf4qtSiGuf95Z/yDU+UGIrOvVtRj
jdG1O6YDvi1QKFOrvqUjwrA69fsVpfPU1M8umD9NB20/3D5OHVHHLLbi14pbrnoU
/kDRbAO8J0lP6FIZyrxQUv7aiGprdKm/1exQ53D58qBlMDSM8LGJ+85ejkKqRpei
OIRp/as5vozwSQp9ZPFyGoWpge8rpBwYLaMpZgepB4Pv7VQEH0uRYUQbto0gFmkM
DFDa35qOFLYEwNbgTwk2ryPu2+Et8qh+zrULuwbSthBMTz5nun8AEQEAAYkBHwQY
AQIACQUCVIjYLQIbDAAKCRDk4huTg8bgv+4HCADewa6b0FGe4ZSi4RSTn1/C1ysC
kxIBKV1mCwwf8f60AXyimOaziUz3YEp6E/4bFCOrz9O1kqiPH2+Z8/UdEwJBO4md
SYPHECcksTfl33OVytGG+00GW4sdndzbeT6vGI3lltUNzytXmYwO+7wPYrPeSvWb
E25/1MA2kEn/3YxLINZwpT6jP7B7BINgHKTEUffkQ6Sw//PC4TUW/Phc7Ld47eEw
/buH6Y8ZnheYMRj+hcpuGcPpxGZ52ctbiuFb98/dm3Fa0VyHJwcn5AVN2GTypPdy
cwEy8e3V/zoCieB56xrJ6IbB6x8L22bvoABw/OmlghD/XRAMq7YwrrtUv2CE
=BEDd
-----END PGP PUBLIC KEY BLOCK-----