--- /dev/null
+ Fingerprints
+
+OpenSSL releases are signed with PGP/GnuPG keys. You can find the
+signatures in separate files in the same location you find the
+distributions themselves. The normal file name is the same as the
+distribution file, with '.asc' added. For example, the signature for
+the distribution of OpenSSL 0.9.7f, openssl-0.9.7f.tar.gz, is found in
+the file openssl-0.9.7f.tar.gz.asc.
+
+The following is the list of fingerprints for the keys that are
+currently in use (have been used since summer 2004) to sign OpenSSL
+distributions:
+
+pub 1024D/F709453B 2003-10-20
+ Key fingerprint = C4CA B749 C34F 7F4C C04F DAC9 A7AF 9E78 F709 453B
+uid Richard Levitte <richard@levitte.org>
+uid Richard Levitte <levitte@openssl.org>
+uid Richard Levitte <levitte@lp.se>
+
+pub 2048R/F295C759 1998-12-13
+ Key fingerprint = D0 5D 8C 61 6E 27 E6 60 41 EC B1 B8 D5 7E E5 97
+uid Dr S N Henson <shenson@drh-consultancy.demon.co.uk>
+
+pub 1024R/49A563D9 1997-02-24
+ Key fingerprint = 7B 79 19 FA 71 6B 87 25 0E 77 21 E5 52 D9 83 BF
+uid Mark Cox <mjc@redhat.com>
+uid Mark Cox <mark@awe.com>
+uid Mark Cox <mjc@apache.org>