Security

Signed Release Artifacts and Assets

To ensure the authenticity of Maven artifacts and downloaded tools such as the org.hl7.fhir.core Validator or the IG Publisher, we provide .asc signatures. These signatures can be verified using GPG (GNU Privacy Guard) to confirm that the files have not been tampered with and are indeed from the official source.

You can download the public key used for signing here

Keys are also available on the Ubuntu keyserver.

Updated: