WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

wp_trusted_keys()

wp_trusted_keys(): string[]

In this article

Back to top

Retrieves the list of signing keys trusted by WordPress.

Return

string[] Array of base64-encoded signing keys.

Source

function wp_trusted_keys() {
	$trusted_keys = array();

	if ( time() < 1617235200 ) {
		// WordPress.org Key #1 - This key is only valid before April 1st, 2021.
		$trusted_keys[] = 'fRPyrxb/MvVLbdsYi+OOEv4xc+Eqpsj+kkAS6gNOkI0=';
	}

	// TODO: Add key #2 with longer expiration.

	/**
	 * Filters the valid signing keys used to verify the contents of files.
	 *
	 * @since 5.2.0
	 *
	 * @param string[] $trusted_keys The trusted keys that may sign packages.
	 */
	return apply_filters( 'wp_trusted_keys', $trusted_keys );
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘wp_trusted_keys’, string[] $trusted_keys )

Filters the valid signing keys used to verify the contents of files.

UsesDescription
apply_filters()wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.

Used byDescription
verify_file_signature()wp-admin/includes/file.php

Verifies the contents of a file against its ED25519 signature.

Changelog

VersionDescription
5.2.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.