cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
bwhitlock
Observer
Observer
1,517 Views
Registered: ‎08-29-2017

Xilinx Public Key

While attempting to verify the signature of the 2018.2.2 HLx update, I found a discrepancy with the Xilinx public key.

 

The public key was downloaded from the Xilinx downloads page:

download.jpg

 

While importing the public key, I noticed that the key signature, and generation date do not match the information listed in UG973.

 

UG973:

ug973.jpg

 

Key downloaded from Xilinx downloads page:

downloaded_key

 

Due to the discrepancy, I do not think that I can certify this key, and would not use this key to verify authenticity of the downloaded HLx update.

 

How can I verify the authenticity of the downloaded public key so that I can certify the key?

 

Regards,

Brad

 

PS: I have attached the downloaded public key, but had to change the extension from asc to txt.

gpg --version -> 1.4.20

 

0 Kudos
2 Replies
nupurs
Moderator
Moderator
1,446 Views
Registered: ‎06-24-2015

@bwhitlock

The UG973 contains the public key for 2018.2, however you are comparing that with the 2018.2.2 update.

Can you verify it with the public key for 2018.2 instead?

Thanks,
Nupur
--------------------------------------------------------------------------------------------
Google your question before posting. If someone's post answers your question, mark the post as answer with "Accept as solution". If you see a particularly good and informative post, consider giving it Kudos (click on the 'thumbs-up' button).
kenryan2
Explorer
Explorer
823 Views
Registered: ‎04-22-2015

I know this is an old thread, but I'm seeing the same issue.  I'm setting up 2018.2 on a new machine (version required to support a production design).

I have verified that the xilinx-master-signing-key.asc for 2018.2, 2018.2.1 and 2019.2 are all identical.  I get the same values the OP does when I import the key.

 

Thanks in advance!

ken

0 Kudos