On 2016-04-28 21:08, Andreas Benzler wrote: > repository gpg can be found in > /etc/pki/rpm-gpg/ > > read the repo file(s) in > > /etc/yum.repos.d/ > > cat /etc/yum.repos.d/CentOS-Base.repo > # CentOS-Base.repo > # > # The mirror system uses the connecting IP address of the client and the > # update status of each mirror to pick mirrors that are updated to and > # geographically close to the client. You should use this for CentOS > updates > # unless you are manually picking other mirrors. > # > # If the mirrorlist= does not work for you, as a fall back you can try > the > # remarked out baseurl= line instead. > # > # > > [base] > name=CentOS-$releasever - Base > mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch= > $basearch&repo=os&infra=$infra > #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ > gpgcheck=1 > gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Apparently I wasn't clear enough. I'm using Arch Linux (i.e. I haven't access to the gpg key that comes with an installation) and would like to verify the ISO I've downloaded. To-do that I need the key used to sign the "sha256sum.txt.asc" file. I need to import the CentOS Release 7 (and maybe additional keys) from a keyserver or download the keyfile to be able do that. Regards, Albin