Using PGP/GPG keys

Widevine requires every device manufacturer to supply a single public PGP/GPG key to be used to secure keybox transfers.

  1. Only one PGP key is allowed per organization (company).
    • The email associated with this PGP key must be from a company email address.
    • Widevine will set up this user-provided PGP key during the first time registration of an organization (company).
  2. All users from the same organization need access to use this PGP key.
  3. Every user must have the private PGP key and passphrase.

Given the above requirements, our recommendations are:

  • To create a group company email address for all users.
  • Generate a PGP key pair using the group email address.
    • Share the PGP key pair information among all company users.
  • Provide this public PGP key to Widevine.

An example shared company email address = widevine-keys@mycompany.com

Requirements

Use the most recent version of GPG at https://gnupg.org/ for generating the PGP key pair.

To create a PGP keypair using the GPG tools, run:

gpg --gen-key

Please choose option 1 - RSA and RSA. Our system ONLY supports RSA.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 8192 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

Once you have created your PGP/GPG keys, please export just the PUBLIC key in ASCII Armor format (please do not send us your secret key).

gpg --armor --export email@domain.com

Again, this email address needs to be your shared company email address and not your individual company email address.

To read more about on PGP/GPG, please refer to the following website - https://www.gnupg.org/gph/en/manual.html

Widevine PGP Key for Device Credentials

All keybox files are PGP-encrypted with your PGP key and Widevine’s PGP key. If required, you may import the Widevine public PGP key below.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBF87WKgBDAC+eL8zDGGFqM12iNsCvf9Z4se5HGldwVzxb6J6J2MhQLBNfrtx
tpq4Ef1prFvC4N1RL7BgpF9tLLWrrnaMVJcW5RGnhYgo393gxjdA6UBiL0+xdqeh
xKKIcVkB9CpR/J/2pMLdinYGaxZpWbiM4v7xQnSIiGzeCv+RhNlxh7h23kJ4Kst+
nQkaymkUXO241kwc6umyGadczV0Ha+eMgbPEoxubSNqWMFgEPLyJs2hAenIJZFuj
UmIic7ijzAjK9zMfmY71T6ASJYnk7MyCrtLRub8iZkQrURo35bONcxqbIsefzBqI
9iUm6iB0Fwdur8R6SDjDdUfjAsSj6aj04uyzTufvXqxMLPknVSWy9YgBqWUwiwmu
HSDUKnqHfaTN2zTrRaNGzQprXyc35v8K9o8Z3l9mCBbwFTfxMmpexkTQtIY6nP34
GG0DJsJtVlbET3AT+tbM6gcIEsseK8MTx5/LiZ/9dwdGHv2FYcpQ7ive3kwbOdX9
RwooM/HmIYAEbwcAEQEAAbR8V2lkZXZpbmUgS2V5Ym94IFJlcXVlc3RzIChDcmVh
dGVkIGluIDIwMjAgZm9yIHNpZ25pbmcgYW5kIGVuY3J5cHRpbmcgV2lkZXZpbmUg
a2V5Ym94IHJlcXVlc3RzLikgPGtleWJveHJlcXVlc3RAd2lkZXZpbmUuY29tPokB
1AQTAQoAPhYhBLJ39vAG2pIPp7qm8gDljsE/iFMBBQJfO1ioAhsDBQkSzAMABQsJ
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEADljsE/iFMBv4YL/2k4S1u0+KR9RmOG
yt7Tb+49JICBpNnLjDSAdnVNhoAGP3ObWgfAfMlxQ93OrOg4WTz2SUXORfsMWxGC
pyUfBfVErOcJ0uRhPw3Jrj4U30dbLO+sJTBNOjEYdw4C4rFtgw5y02Ghnog54pBZ
PJUhNJAgjbNcORP4ihsYusyTKJFB09pBaC+HIqNzbrVLPnXbwVyYssIyllYDuHTj
5WjtC9XNN++jJNAMYOy3OMVN3heyZfiWP9SBTLVxpd9bygc1VtQHSptQgOdH3Pkz
AuLZO5o3rl0fhAKR5alMMkzM/h7QWnRTmV1s0KjPu22aXD1M3ICw2bN+j15wXJqH
ZnyQlC3a9U0IZ9vWvz1u98SgS1SE0q9Lp5Gb/62KzJMV8LX5CmixUNKj1Y45gqqa
nPXhAkL4bdnn6Cx/Mjo5tI9oG9j7D/Je9oNKGrajkMXJ9Oq0LoZr5UglXUYZ9RNq
cBIBHrj8lK7gmladebzWcL1e0rTeP5r332az/AKmGWNEjAH0jLkBjQRfO1ioAQwA
1ercRLhWjjPtMwAwRTkU+FamVo9T1kK4eVnr+0S6GErk1qk0vKEAverQ18W5aMyQ
iYZGKCSw8EpILGb6JnM9Qs3sZG68g6t+ay5Xfg6wTMWbErcq1DfJ2IqPfeWYwqJ7
iC5Ko89s6UMk02D+P4eBSgZrr0pMyRPvfjPeHZ/f/RuBrmaYHfx5yGgmbqXbAv9z
wzrVeWZWQKHNrRG5SHghPhXUz3xxCAa8skz+HzGO1Nq4FluYNQNe/eU8BR5Asx2Z
iwVZzO33MKGUEIADZhZy4YfrSzRUvme2h/WPbOkeo73+zLQNYcsMSkkhM55kHjmw
aggKpuNSVTDNYPoRMDlju+o5obAa8V9q+eyR/IUF+3yHvBWt2yrhhmrdRJyhfNAC
j1sJa3ZDMYAOyLhkc2bZ6WdlzCRjpoI75zbmE28pFnrfw/mWKyUFZvnjKUZezWes
0jV58/49a07FRTT/x/eGa7ElGIl1sYGM6491IH0EO6jiKFydvPJYXaQYAG7ZqEKP
ABEBAAGJAbwEGAEKACYWIQSyd/bwBtqSD6e6pvIA5Y7BP4hTAQUCXztYqAIbDAUJ
EswDAAAKCRAA5Y7BP4hTAXs4C/9+4ynBg/k7tYBm6plVIHI4jfVZoiPXZf/E5sSm
uUdjDUj3mOvGr5guoDXsAwGUSklCPW3EsF4Fip0kO08GWq74bNlznSDwFO5hi04o
EEI7VJZ56xHh42ZtdOV+qA2tXD2BVBfVPc0Dyi1Wcs689lUIiPWmIau0uKJw9XQ5
ED9jvorO7QHKWcwvMjn/mHJ16Z3Ns/6Cwzqk+Kjx7vSZpmHsR2MmKDF2+MHk8eWF
ADx3fxUS8gJ1Mc0kXhO7kbxKoxJZVQUJ/ATW5oPRpQq7SwOch6AXVixQO8FsaIWp
itDR86hTWzAyNiLsgbGzmDEE8OndMErZehR6VnQ2Au6jiGARC+vB4DEzQYABt4Hc
bfHu9voWyiQrj5jLHT3R0FYT1g0O7KyJNi7pf5LpunwhMb20vkAw98bSdBW6UHK4
aRb9hphnxs2DvyvZ9YMbFXtP/ZWG/Ft+HFvFSJ27l1ut/JkyIlwE6kaLs2OheoQU
DvSyJYGsA/t8lbki1iOgb1TVs5U=
=Nrac
-----END PGP PUBLIC KEY BLOCK-----

Widevine PGP Key for Engineering and Bugs

Use this PGP key to secure information for bug submission or engineering discussions.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFSI2C0BCADlhrUEuaGNRM84RsnZ4TisfIiZP0tP398PhTnWNZ8eQrNAu++v
b1te5ON7LVv/95yhmRWWq8OyBKQBtU4cRBuQgpTHVimfg3T5wimubA+mTOKyu+g8
0ZVel6LIOte2hU3QM/84HyY2tdLnmWrPs730KcDGdBG9cFF2sYLA0MPuVmuEN1Pr
mFfUbLgSKe1511jCbp9Gqgb0QXkIhUxweE9PiOClq+6sDyMdMMNScjA5QQAHeRGz
C6mcjiIS5C2h0FuVh2d3mwPZH+p90YaNETGluTM/EFObqJjCaPFsuXjYWd+J1dWh
WDwPu5gLChUpJmKJ2e4ns4WM61VqWuAjNF8NABEBAAG0LldpZGV2aW5lIEVuZ2lu
ZWVyaW5nIDx3aWRldmluZS1lbmdAZ29vZ2xlLmNvbT6JATgEEwECACIFAlSI2C0C
GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOTiG5ODxuC/0g8IAM5riWvS
7WaPbqLAaWAnPat+tvOExv3+QWJ5eWPcg5SDgigeikzbl6gSiTmXrLhuV7TrUI5+
3o7EtiM6ChC18liZbAXNPiYiIImWdPsxvr7kxrqrq7OLgpM+rWKMLqUXqQF+9xyG
5pTF2o3AeqUSuXNTmq7w5A4rZiV0mjJxMNE+6VX5cxUQK64ELEHu0OQIAcAYYgms
/FNqQieKhMK2o0s/ClbsgCmw8qIJd6AHUA37S9w8iZQSonBsIYbT2T2BbwEsQP9Q
11KpknDq7KTopfMtYiSq3fKCR8F7h8DMpkblBLfA86wunpWhzGfmX1JyeZqSRUeF
pL8BRq0swmShLWm5AQ0EVIjYLQEIAJ+vOFcc+myw58UNmZXXxANoCEz4sQWHDjiq
HBvgLDmvjS2I9fTAr3BqZS5vkt7TyUcne0VwKf4qtSiGuf95Z/yDU+UGIrOvVtRj
jdG1O6YDvi1QKFOrvqUjwrA69fsVpfPU1M8umD9NB20/3D5OHVHHLLbi14pbrnoU
/kDRbAO8J0lP6FIZyrxQUv7aiGprdKm/1exQ53D58qBlMDSM8LGJ+85ejkKqRpei
OIRp/as5vozwSQp9ZPFyGoWpge8rpBwYLaMpZgepB4Pv7VQEH0uRYUQbto0gFmkM
DFDa35qOFLYEwNbgTwk2ryPu2+Et8qh+zrULuwbSthBMTz5nun8AEQEAAYkBHwQY
AQIACQUCVIjYLQIbDAAKCRDk4huTg8bgv+4HCADewa6b0FGe4ZSi4RSTn1/C1ysC
kxIBKV1mCwwf8f60AXyimOaziUz3YEp6E/4bFCOrz9O1kqiPH2+Z8/UdEwJBO4md
SYPHECcksTfl33OVytGG+00GW4sdndzbeT6vGI3lltUNzytXmYwO+7wPYrPeSvWb
E25/1MA2kEn/3YxLINZwpT6jP7B7BINgHKTEUffkQ6Sw//PC4TUW/Phc7Ld47eEw
/buH6Y8ZnheYMRj+hcpuGcPpxGZ52ctbiuFb98/dm3Fa0VyHJwcn5AVN2GTypPdy
cwEy8e3V/zoCieB56xrJ6IbB6x8L22bvoABw/OmlghD/XRAMq7YwrrtUv2CE
=BEDd
-----END PGP PUBLIC KEY BLOCK-----