File tree Expand file tree Collapse file tree 1 file changed +37
-0
lines changed Expand file tree Collapse file tree 1 file changed +37
-0
lines changed Original file line number Diff line number Diff line change @@ -13,3 +13,40 @@ Verify Integrity of MongoDB Packages
1313.. |arrow| unicode:: U+27A4
1414
1515.. include:: includes/rc-available.rst
16+
17+ The MongoDB release team digitally signs all software packages to
18+ certify that a particular MongoDB package is a valid and unaltered
19+ MongoDB release. Before installing MongoDB, you should validate the
20+ package using either the provided PGP signature or SHA-256 checksum.
21+
22+ PGP signatures provide the strongest guarantees by checking both the
23+ authenticity and integrity of a file to prevent tampering.
24+
25+ Cryptographic checksums only validate file integrity to prevent network
26+ transmission errors.
27+
28+ Verify Linux/macOS Packages
29+ ---------------------------
30+
31+ Use PGP/GPG
32+ ~~~~~~~~~~~
33+
34+ MongoDB signs each release branch with a different PGP key. The public
35+ key files for each release branch since MongoDB 2.2 are available for
36+ download from the `key server <https://pgp.mongodb.com/>`_
37+ in both textual ``.asc`` and binary ``.pub`` formats.
38+
39+ .. include:: /includes/steps/install-verify-files-pgp.rst
40+
41+ Use SHA-256
42+ ~~~~~~~~~~~
43+
44+ .. include:: /includes/steps/install-verify-files-sha.rst
45+
46+ Verify Windows Packages
47+ -----------------------
48+
49+ The following procedure verifies the MongoDB binary against its SHA256 key.
50+
51+ .. include:: /includes/steps/install-verify-files-windows.rst
52+
You can’t perform that action at this time.
0 commit comments